Playing it safe with CMS

Security study for the BSI

CMS-based websites can provide opportunities for repeated attacks by hackers and malicious programs. Even the smallest of vulnerabilities can lead to unauthorized access to online applications, IT infrastructure and sensitive data. In order to assess just how safe Open Source content management systems actually are, the Federal Office for Information Security (BSI) commissioned a security study on content management systems from ]init[ and the Fraunhofer Institute for IT Security.

[Screenshot: PDF of the "Sicherheitsstudie Content Management Systeme (CMS)" (security study on content management systems)]

Client benefits

  • Descriptions of security threats and vulnerabilities in Drupal, Joomla!, Plone, TYPO3 and WordPress
  • Recommended actions for protecting the reviewed software in four typical application scenarios
  • Reliable security assessment of CMS as part of planning and procurement in public authorities

Partner

“The study provides important fundamentals in the field of IT security. It will give valuable support to public authorities, minimizing the security risks in their recommendations for CMS websites and thus also strengthening the confidence of citizens in e-government services. An essential prerequisite for this is secure CMS configuration, a professional management system and regular security reviews. I think one interesting result is that IT managers should allow at least 15 minutes per site daily to check for available patches, to make backups, and to install patches. This is too often overlooked. Security must not only be taken seriously in principle, but also be shown to be part of an organisation’s everyday work.”
Dirk Stocksmeier
Chief Executive Officer, ]init[