Web CMS Scan
SAFE CORE
- Vulnerability detection and identification
- Advanced analytics and monitoring
- Detailed reporting to strengthen security
Get your free report within 24 hours
What is it?
The Web CMS Vulnerability Scanner is a tool that helps you discover security problems and vulnerabilities in a website built with a CMS (Content Management System) such as WordPress, Joomla or Drupal, based on the version of the CMS installed. This makes it possible to carry out an in-depth analysis of the site, highlight the severity of the vulnerabilities in the CMS used, and plan the interventions needed to resolve them.
A vulnerable CMS can let an attacker take full control of the site, giving them the ability to modify the contents, create and remove users and, in the worst case, gain control of the server on which the web application is installed. In recent years, more and more companies and institutional bodies have adopted this technology; the choice is almost always dictated by the complexity of the project to be managed.
How it works
The scan is performed remotely, without authentication, and simulates an external attacker trying to break into the target website.
- The scanner connects to the target website and performs a series of passive checks to identify the version of the CMS used, plugins, themes, users, configuration backups, database dumps and timthumbs.
- By analyzing the HTML source code and HTTP headers, Web CMS Scanner extracts all the information needed to perform the assessment. The vulnerabilities reported are determined from the specific versions of the CMS, plugins and themes that have been identified.
- The tool also incorporates a vulnerability database for the CMS in use, which receives regular updates and maintenance.
How CMS are hacked
The most widely used platforms become the favorite targets for hackers.
Their attacks are facilitated by the large number of outdated CMS installations and outdated plugins and themes. These old component versions contain vulnerabilities and security weaknesses that can be exploited.
A hack often begins by identifying what version of the CMS you are running and what plugins and themes are installed.
The next step is to detect the running versions of those components and look for public vulnerabilities affecting them. Many public exploits are also available online.
Precautions
- Never neglect updates! Even a basic CMS is not immune to vulnerabilities; it is necessary to follow the project and keep track of new releases;
- Only use certified addons. The greatest dangers for those who use a CMS lie in third-party addons with very low code quality;
- Be careful when assigning permissions to users. Almost all CMSs have a multi-user structure, and assigning the right permissions means allowing or denying access to restricted sections or contents;
- Be careful if you are using a shared hosting service. Even if this factor is not strictly related to the CMS, remember that some configuration files contain sensitive information such as usernames and passwords. Setting the wrong access permissions on these files would allow another user to easily obtain this information.
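The shared-hosting precaution above can be checked on your own web root. The following is an added example, not part of the scanner or of the original page: it assumes the usual configuration file names (`wp-config.php` for WordPress, `configuration.php` for Joomla, `settings.php` for Drupal), and the function names and sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed names of CMS configuration files that hold database credentials.
CONFIG_NAMES = {
    "wp-config.php": "WordPress",
    "configuration.php": "Joomla",
    "settings.php": "Drupal",
}

def audit_config_permissions(web_root):
    """Return findings for CMS config files that other accounts can access."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name not in CONFIG_NAMES or not os.path.isfile(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            issues = []
            if mode & stat.S_IROTH:
                issues.append("world-readable")
            if mode & stat.S_IWOTH:
                issues.append("world-writable")
            if mode & stat.S_IWGRP:
                issues.append("group-writable")
            if issues:
                findings.append({"path": path, "cms": CONFIG_NAMES[name],
                                 "mode": format(mode, "04o"), "issues": issues})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_site(root):
    """Constructed sample tree: one exposed and one restricted config file."""
    exposed = os.path.join(root, "blog", "wp-config.php")
    restricted = os.path.join(root, "shop", "configuration.php")
    for path, mode in ((exposed, 0o644), (restricted, 0o600)):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder, no real credentials\n")
        os.chmod(path, mode)
    return exposed, restricted

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for f in audit_config_permissions(tmp):
            print(f"{f['path']} ({f['cms']}) mode {f['mode']}: {', '.join(f['issues'])}")
```

Whether a flagged file can be tightened to owner-only access depends on which account the hosting provider runs PHP under, so confirm that before changing modes.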