With more and more websites on the Internet running on Content Management Systems (CMSs) like WordPress, Drupal, and Joomla!, CMS security is becoming an increasingly important factor of organization security. Unfortunately, despite their popularity, thousands of CMS installations contain high-severity vulnerabilities, which could easily allow attackers to gain access to the the CMS administrative interface, or even, in some cases, the underlying system.
With popular CMSs running the majority of the sites on the Internet, it’s no surprise that CMSs are a juicy target for attackers – including novice attackers known as “script kiddies”. To add insult to injury, some organizations may be operating many CMS websites, making it a nightmare to keep track of security patches of each site they administer.
A CMS Vulnerability Scanner You Can Depend on
Acunetix is a web security scanner featuring a fully fledged CMS vulnerability scanner designed to be lightning-fast and dead-simple to use while providing all the necessary features to manage and track CMS vulnerabilities from discovery to resolution.
The CMS vulnerability scanner within Acunetix not only runs basic tests for vulnerable versions of WordPress, Drupal, Joomla!, and other CMSs, but it will also enumerate and attempt to find vulnerabilities within CMS plugins (both open source as well as popular commercial plugins). CMS plugins are usually a source of concern for many security teams since they could be developed and distributed by anyone on the Internet and, as a result, may not only contain vulnerabilities but also malicious code.
As soon as the Acunetix CMS vulnerability scanner comes across vulnerable versions of a CMS or installed plugins, it issues easy-to-understand alerts with actionable remediation instructions together with additional technical information for advanced users. What’s more, Acunetix also allows you to set up scheduled scans or even to enable continuous scans to make sure you’re always in top shape.
Speed Without Sacrifices
Additionally, unlike many other CMS vulnerability scanners, Acunetix is lightning-fast. With a re-engineered core and a highly optimized crawler, every inch of Acunetix is tuned for speed and efficiency, allowing it to scan even the largest CMS websites without breaking a sweat.
What’s more, Acunetix can throttle the speed at which a CMS vulnerability scan runs, ensuring that even high-traffic sites can be scanned without affecting their performance.
Say Goodbye to Boring Reports
Finally, another problem that Acunetix solves, which many other CMS vulnerability scanners sorely lack, is the ability to produce great reports. After a CMS vulnerability scan is complete, Acunetix can instantly generate a wide variety of technical, regulatory, and compliance reports such as PCI DSS, HIPAA, OWASP Top 10, and many others.
Additionally, Acunetix also allows users to export discovered vulnerabilities to issue trackers such as:
- Atlassian Jira
- Microsoft Team Foundation Server (TFS)
Frequently asked questions
If you use a CMS – yes, you do. We found out that more than 35% of web applications built using CMS platforms have vulnerabilities. This means that your CMS has a one-in-three chance of having a security vulnerability that may be used by someone to attack you.
You need a black-box scanner (DAST) to check your CMS. A white-box scanner (SAST) is only used during the development of custom-written applications. For a CMS, you need a specialized black-box scanner that focuses on CMS vulnerabilities. And you need a professional scanner like Acunetix that can also check your CMS host for network vulnerabilities and find malware in your CMS.
Some web vulnerabilities may have serious consequences. You may lose control over your CMS if someone can steal your admin password and change it. You may also lose all data stored in the CMS. An attacker may even potentially use your CMS later to attack your other interconnected systems.
Acunetix is a black-box scanner that has a lot of specific tests for all common CMS platforms including WordPress, Joomla!, and Drupal. It also has a lot of generic tests that apply to custom-made applications, including any custom CMS plugins. It is your best line of defense against malicious hackers.
Learn more about prominent vulnerabilities, keep up with recent product updates, and catch the latest news from Acunetix.
“We use Acunetix as part of our Security in the SDLC and to test code in DEV and SIT before being promoted to Production.”Kurt Zanzi, Xerox CA-MMIS Information Securtiy Office, Xerox