With more than 30% of websites on the Internet running on Content Management Systems (CMSs) like WordPress, Drupal and Joomla!, CMS security is becoming an increasingly important factor in an organization’s security. Unfortunately, despite their popularity, thousands of CMS installations contain high-severity vulnerabilities which could easily allow attackers to gain access to the CMS’s administrative interface or even, in some cases, the underlying system.
With popular CMSs running the majority of the sites on the Internet, it’s no surprise that CMSs are a juicy target for attackers — including novice attackers known as “script kiddies”. To add insult to injury, some organizations may be operating many CMS websites, making it a nightmare to keep track of security patches of each site they administer.
A CMS vulnerability scanner you can depend on
Acunetix is a web security scanner featuring a fully fledged CMS vulnerability scanner designed to be lightning fast and dead simple to use while providing all the necessary features to manage and track CMS vulnerabilities from discovery to resolution.
The CMS vulnerability scanner within Acunetix not only runs basic tests for vulnerable versions of WordPress, Drupal, Joomla! and other CMSs, but will also enumerate and attempt to find vulnerabilities within CMS plugins (both open source and popular commercial plugins). CMS plugins are usually a source of concern for many security teams since they could be developed and distributed by anyone on the Internet and, as a result, may contain not only vulnerabilities but also malicious code.
As soon as Acunetix’s CMS vulnerability scanner comes across vulnerable versions of a CMS or installed plugins, it will issue easy-to-understand alerts with actionable remediation instructions together with additional technical information for advanced users. What’s more, Acunetix also allows you to set up scheduled scans, or even to enable continuous scans to make sure you’re always in top shape.
Speed without sacrifices
Additionally, unlike many other CMS vulnerability scanners, Acunetix is lightning fast. With a re-engineered core and a highly optimized crawler, every inch of Acunetix is tuned for speed and efficiency, allowing it to scan even the largest CMS websites without breaking a sweat.
What’s more, Acunetix can throttle the speed at which a CMS vulnerability scan runs, ensuring that even high-traffic sites can be scanned without affecting their performance.
Say goodbye to boring reports
Finally, Acunetix offers something that many other CMS vulnerability scanners sorely lack: the ability to produce great reports. After a CMS vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical, regulatory and compliance reports such as PCI DSS, HIPAA, OWASP Top 10 and many others.
Additionally, Acunetix allows users to export discovered vulnerabilities to issue trackers such as:
- Atlassian JIRA
- Microsoft Team Foundation Server (TFS).
We use Acunetix for initial site enumeration and to ensure that we cover all common surface area and attacks with at least a minimum level of testing. Most of our testing is completed manually and we find logic issues, and so on, but occasionally we focus on difficult to find issues instead of simple issues, like a file upload flaw hidden in the corner of a site that Acunetix brings to our attention.