Yassine Aboukir, profile picture
Uploaded byYassine Aboukir
PPTX, PDF357 views

Open Source CMS : How secure are they?

The document discusses the security of open source content management systems (CMS). It notes that while CMS platforms like WordPress, Drupal, and Joomla are popular and free, plugins and themes can be more vulnerable to security issues. However, the platforms themselves take security seriously and offer bug bounty programs. The document recommends keeping CMS platforms, plugins, and themes updated regularly, backing up data, and using a web application firewall to help secure open source CMS implementations.

Embed presentation

Download to read offline
Open Source CMS : How secure are they ? Software Freedom Day 2015
Who Am I ?  Yassine ABOUKIR,  2nd year business student at ISCAE Casablanca,  Web application security analyst,  Participant in bug bounty programs,  Listed in the Hall of Fame of : Google, Facebook, Twitter, Microsoft, Yahoo, PayPal, Adobe etc.
Why this topic ?
CMS, what’s that ? C  Content M  Management S  System
Popular Open Source CMS https://www.wordpress.org/ https://www.drupal.org/ https://www.joomla.org/ http://www.concrete5.org/
GPL(General Public License)
Open Source CMS market share Statistics from Web Technology Surveys
Some advantages  Free  Simple  Popular  Save time
How secure are they ? “ There is no such thing as absolute security “ “ Security through transparency ”
“ Drupal 8 Security bug bounty program: Get paid to find security ” 50$ - 1000$ Via: https://bugcrowd.com/drupal How secure are they ?
“ Automattic will pay you for security bugs in Wordpress ” Minimum is 50$ Via: https://hackerone.com/automattic How secure are they ?
“ Conrete5 will pay you for security bugs ” Minimum is 50$ Via: https://hackerone.com/conrecte5 How secure are they ?
 Plugins and themes are way more vulnerable. Final thoughts !
 Create a regular schedule to update or patch their CMS, and all installed plugins and themes. Final thoughts !  Regularly backup the CMS and its underlying database.  Set up a web application firewall : Incapsula, Cloudflare, sucuri etc.
Thank you! Follow me on Twitter https://twitter.com/Yassineabouki r I blog at http://yassineaboukir.com/blog

More Related Content

PDF
Bug Bounty Basics
byHackerOne
 
PDF
Vulners: Google for hackers
byKirill Ermakov
 
PPTX
Content Management System Security
bySamvel Gevorgyan
 
PPTX
Bug bounty
byRamin Farajpour Cami
 
PPTX
Bug bounty hunting
byredteamacademypromo
 
PDF
Bug Bounty Hunter's Manifesto V1.0
byDinesh O Bareja
 
PPTX
Bug Bounty
byHariprasad KA
 
PPTX
Bug bounty programs
byYassine Aboukir
 
Bug Bounty Basics
byHackerOne
 
Vulners: Google for hackers
byKirill Ermakov
 
Content Management System Security
bySamvel Gevorgyan
 
Bug bounty
byRamin Farajpour Cami
 
Bug bounty hunting
byredteamacademypromo
 
Bug Bounty Hunter's Manifesto V1.0
byDinesh O Bareja
 
Bug Bounty
byHariprasad KA
 
Bug bounty programs
byYassine Aboukir
 

What's hot

PDF
Web Application Security with PHP
byjikbal
 
PPTX
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
bySamvel Gevorgyan
 
PPTX
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
PDF
Yet another talk on bug bounty
byvinoth kumar
 
PPTX
Malvertisement the covert advert
byizoologic
 
PPT
Spyware Adware1
byrubal_9
 
PPTX
Websecurity fundamentals for beginners
bySamvel Gevorgyan
 
PPT
Spyware And Anti Virus Software Presentation
byamy.covington215944
 
PPTX
Web tools ppt
byTamara Pia Agavi
 
PPTX
Hack miami emiliocasbas
byEmilio Casbas
 
PPT
2011 Social Media Malware Trends
byLumension
 
PPTX
Owasp2013 johannesullrich
bydrewz lin
 
PDF
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
byMarco Balduzzi
 
PPTX
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
byChris Furton
 
PDF
State of Web Security RailsConf 2016
byIMMUNIO
 
PDF
Vulnerability Funalitics with vulners.com
byKirill Ermakov
 
DOCX
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
bySamvel Gevorgyan
 
PPTX
Security-Web Vulnerabilities-Browser Attacks
byRaghu Addanki
 
PPT
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
byAkhil Sharma
 
PPTX
AppSecUSA 2016: 'Your License for Bug Hunting Season'
bybugcrowd
 
Web Application Security with PHP
byjikbal
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
bySamvel Gevorgyan
 
Basics of getting Into Bug Bounty Hunting
byMuhammad Khizer Javed
 
Yet another talk on bug bounty
byvinoth kumar
 
Malvertisement the covert advert
byizoologic
 
Spyware Adware1
byrubal_9
 
Websecurity fundamentals for beginners
bySamvel Gevorgyan
 
Spyware And Anti Virus Software Presentation
byamy.covington215944
 
Web tools ppt
byTamara Pia Agavi
 
Hack miami emiliocasbas
byEmilio Casbas
 
2011 Social Media Malware Trends
byLumension
 
Owasp2013 johannesullrich
bydrewz lin
 
Behind the scene of malware operators. Insights and countermeasures. CONFiden...
byMarco Balduzzi
 
Christopher Furton - Cybersecurity Threat Brief: Malvertising and Watering Holes
byChris Furton
 
State of Web Security RailsConf 2016
byIMMUNIO
 
Vulnerability Funalitics with vulners.com
byKirill Ermakov
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
bySamvel Gevorgyan
 
Security-Web Vulnerabilities-Browser Attacks
byRaghu Addanki
 
Spyware and Trojan Horses (Computer Security Seminar by Akhil Sharma)
byAkhil Sharma
 
AppSecUSA 2016: 'Your License for Bug Hunting Season'
bybugcrowd
 

More from Yassine Aboukir

PPTX
Hacking WebApps for fun and profit : how to approach a target?
byYassine Aboukir
 
PDF
Le gouvernement marocain
byYassine Aboukir
 
PPTX
Entrepreneurship
byYassine Aboukir
 
PDF
Analyse concurrentielle
byYassine Aboukir
 
DOCX
Présentation sur la grande surface MARJANE
byYassine Aboukir
 
PPTX
Le développement : actualité 2013
byYassine Aboukir
 
Hacking WebApps for fun and profit : how to approach a target?
byYassine Aboukir
 
Le gouvernement marocain
byYassine Aboukir
 
Entrepreneurship
byYassine Aboukir
 
Analyse concurrentielle
byYassine Aboukir
 
Présentation sur la grande surface MARJANE
byYassine Aboukir
 
Le développement : actualité 2013
byYassine Aboukir
 

Recently uploaded

DOCX
Get Verified Payeer Accounts_ Complete Payeer Account Verification Guide (202...
byBEST IT SMM
 
PDF
5 Best FREE Anti-Detect Browsers in 2026
byRakeshChauhan821593
 
PDF
action man.pdf album sa slicicama panini...
byStefanFilipovic9
 
PDF
The Role of Micro-interactions in Modern Web Design
bydigitalcrafters0810
 
PDF
Modernize everything Microsoft session.pdf
byjeyfox1
 
PDF
anastasia panini album.pdf album sa slicicama
byStefanFilipovic9
 
PDF
alfred jonatan kvak panini album.pdf slicice
byStefanFilipovic9
 
PDF
album panini Evoksi.pdf panini album slicice
byStefanFilipovic9
 
PDF
Top 7 Instagram Monitoring Apps of 2025 – Feature Overview
byMichael Carter
 
PDF
Parallel and Distributed Databases NOTES.pdf
bywrushabsirsat
 
PDF
2025 Archive - Zsolt Nemeth web blogging
byZsolt Nemeth
 
PDF
Dublin Core Metadata : Library’s Digital DNA
byDeepanshu Kumar Yadav
 
PPTX
Victoria University Transcripts
byvgki5qphpa
 
PDF
Network Security Services for Businesses: 5 Simple Ways to Protect Your Network
byPreemptive Technofield
 
Get Verified Payeer Accounts_ Complete Payeer Account Verification Guide (202...
byBEST IT SMM
 
5 Best FREE Anti-Detect Browsers in 2026
byRakeshChauhan821593
 
action man.pdf album sa slicicama panini...
byStefanFilipovic9
 
The Role of Micro-interactions in Modern Web Design
bydigitalcrafters0810
 
Modernize everything Microsoft session.pdf
byjeyfox1
 
anastasia panini album.pdf album sa slicicama
byStefanFilipovic9
 
alfred jonatan kvak panini album.pdf slicice
byStefanFilipovic9
 
album panini Evoksi.pdf panini album slicice
byStefanFilipovic9
 
Top 7 Instagram Monitoring Apps of 2025 – Feature Overview
byMichael Carter
 
Parallel and Distributed Databases NOTES.pdf
bywrushabsirsat
 
2025 Archive - Zsolt Nemeth web blogging
byZsolt Nemeth
 
Dublin Core Metadata : Library’s Digital DNA
byDeepanshu Kumar Yadav
 
Victoria University Transcripts
byvgki5qphpa
 
Network Security Services for Businesses: 5 Simple Ways to Protect Your Network
byPreemptive Technofield
 

Open Source CMS : How secure are they?

  • 1.
    Open Source CMS: How secure are they ? Software Freedom Day 2015
  • 2.
    Who Am I?  Yassine ABOUKIR,  2nd year business student at ISCAE Casablanca,  Web application security analyst,  Participant in bug bounty programs,  Listed in the Hall of Fame of : Google, Facebook, Twitter, Microsoft, Yahoo, PayPal, Adobe etc.
  • 3.
  • 4.
    CMS, what’s that? C  Content M  Management S  System
  • 5.
    Popular Open SourceCMS https://www.wordpress.org/ https://www.drupal.org/ https://www.joomla.org/ http://www.concrete5.org/
  • 6.
  • 7.
    Open Source CMSmarket share Statistics from Web Technology Surveys
  • 8.
    Some advantages  Free Simple  Popular  Save time
  • 9.
    How secure arethey ? “ There is no such thing as absolute security “ “ Security through transparency ”
  • 10.
    “ Drupal 8Security bug bounty program: Get paid to find security ” 50$ - 1000$ Via: https://bugcrowd.com/drupal How secure are they ?
  • 11.
    “ Automattic willpay you for security bugs in Wordpress ” Minimum is 50$ Via: https://hackerone.com/automattic How secure are they ?
  • 12.
    “ Conrete5 willpay you for security bugs ” Minimum is 50$ Via: https://hackerone.com/conrecte5 How secure are they ?
  • 13.
     Plugins andthemes are way more vulnerable. Final thoughts !
  • 14.
     Create aregular schedule to update or patch their CMS, and all installed plugins and themes. Final thoughts !  Regularly backup the CMS and its underlying database.  Set up a web application firewall : Incapsula, Cloudflare, sucuri etc.
  • 15.
    Thank you! Follow meon Twitter https://twitter.com/Yassineabouki r I blog at http://yassineaboukir.com/blog