Content management systems.

Security issues are very important: attackers can gain access to the database system if security is not properly implemented.

Def: something that searches across information sources, both structured and unstructured.

2 types: content managed by an organisation, and content on the web.

A CMS is used for websites, shops and portals. A web CMS lets you change the website without knowing the code it is built with.

A WCMS is divided into 2 parts: front end and back end.

Back end here means the administrator using a WordPress account, not a person coding the database.

WCMS security: errors are found at either the design or the implementation level. A flaw is an error at the design level; a bug is an error in the coding. Both impact the software's purpose. Risk = probability * impact. Networked applications are more vulnerable. Why? The attack processes can be semi-automatic: these processes are available online and are fully automated, so no skills are needed.

WCMS security key vulnerabilities: data being manipulated, access to confidential data, phishing (the person filling in information thinks the site is genuine when it is actually used for wrong reasons), code execution (when input overruns the stack or a buffer and an attacker places their own code there for execution), spam.

Data integrity: the common approaches are SQL injection and web parameter tampering. E.g. if you have not secured a parameter, or the web form is not secure, someone can change the values.
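Both attacks above, shown beside their fixes in an added example (not from these notes): a constructed in-memory SQLite catalogue stands in for a WCMS shop database, and the `form` dictionaries stand in for submitted web-form fields.

```python
import sqlite3

# Constructed in-memory shop database standing in for a WCMS back end.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price_cents INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("Mug", 900), ("T-shirt", 2500)])
    return conn

def find_product_unsafe(conn, name):
    # Vulnerable: the form value is spliced into the SQL text, so quote
    # characters in it change the query itself rather than the data.
    sql = f"SELECT name, price_cents FROM products WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def find_product_safe(conn, name):
    # Hardened: the value travels as a bound parameter; the database
    # driver never interprets it as SQL.
    sql = "SELECT name, price_cents FROM products WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def order_total_unsafe(form):
    # Vulnerable: trusts the price field sent back by the browser, which
    # the user can edit before submitting (web parameter tampering).
    return int(form["price_cents"]) * int(form["qty"])

def order_total_safe(conn, form):
    # Hardened: only product name and quantity come from the form; the
    # price is re-read from the server's own catalogue.
    rows = find_product_safe(conn, form["name"])
    if not rows:
        raise ValueError("unknown product")
    qty = int(form["qty"])
    if qty < 1:
        raise ValueError("quantity must be positive")
    return rows[0][1] * qty

if __name__ == "__main__":
    db = make_db()
    # Constructed form submission with the hidden price lowered to 1 cent.
    tampered = {"name": "T-shirt", "price_cents": "1", "qty": "2"}
    print(order_total_unsafe(tampered))    # 2: the tampered price wins
    print(order_total_safe(db, tampered))  # 5000: the catalogue price wins
    # An always-true filter: unsafe lookup returns every row, safe returns none.
    probe = "x' OR '1'='1"
    print(len(find_product_unsafe(db, probe)), len(find_product_safe(db, probe)))
```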

Accessing confidential info: cross-site scripting (taking information from one website and using it on a different website). An iframe allows you to embed a whole web page into your website; it is more secure nowadays and no longer allows this. Dynamic content: content fetched via WebSockets and AJAX; some other web page can use your information for its own purposes as well.

Code execution: if you were to upload code when submitting a response to a comment, it should not be allowed; generally just a simple text comment is allowed. If somebody uploaded a file to a client, e.g. a PowerShell script, and someone else downloaded it, the PowerShell script could ruin their computer.

You don't want your system to become a spam relay and attack other people.

WCMS attacks and countermeasures:

Session hijacking: a web server does not know who asked for a page. When you add an item to your cart, the server does not by itself know who you are, so it creates a session for the computer using the server so that items can be added to the cart. Session hijacking is when someone takes over that session and gets your items sent to them after you have bought them.

Authentication bypass: make sure no one else can log into your account.

To be secure you need to be sure your authentication is correct and your information is confidential, has integrity and is available. To achieve this, developers can use sophisticated authentication (two-factor authentication: add two things to identify yourself, e.g. a salt), user access control (the website prevents users from accessing some areas), and mechanisms to determine and maintain confidentiality (e.g. not showing whole credit card numbers; the most common transaction systems are Visa and PayPal).
