Start of main content
Using a web content management system (CMS) to implement or develop a business portal may be a more acceptable solution in terms of performance / quality / price but also should consider the security implications.
Many companies make use of CMS but do not take into account, in general, the basic security measures, one of the most controversial issues arising from the use of such tools.
Failures web content managers generally are problems caused by errors in the administration of both the CMS and system that supports it (hosting or housing), or install third-party modules or components but sometimes also derive of bugs in the manager itself.
With regard to webControl CMS, safety is and has always been a priority concern.
The latest version has been revised from the ground up for errors that compromise the security of the information, having successfully passed numerous safety audits of companies specializing in the sector.
In addition, CMS is protected webControl the main types of more common vulnerabilities in web application development, as reflected in the OWASP Top 10 Web Application Security Risks, such as:
- SQL injection
- Cross Site Scripting (XSS)
- Attacks against authentication and session management
- Cross Site Request Forgery (CSRF)
- Navigation insecure without SSL certificate
In relation to security, even though webControl CMS is safe, shares or more important steps to take are listed below:
- Choosing a hosting service (hosting) insurance
- Secure server configuration. It is vital to establish basic security parameters related to permissions and access to the server and thus pages served
- Platform Update. To the extent possible, and provided That The Chosen CMS version meets the needs, keep the system updated. This Ensures more protection against potential vulnerabilities. Important It is not only CMS update itself, but all the core software Also on Which it is based, starting with the operating system itself
- Limitation of installing third-party modules. One must refrain from installing modules which have not been audited and offer a level of safety that can compromise the platform
- Properly manage the portal. It is important to implement rail safety policies, which have no negative impact on the usability of the platform, related to user permissions and passwords
- Subscribe to security forums and lists. Being informed will allow rapid response to the occurrence of any problems
The National Institute of Communication Technologies, SA, (INTECO), a subsidiary of the Ministry of Industry, Energy and Tourism (MINETUR) through the Ministry of Telecommunications and Information Society (SETSI), provides its web of numerous documents about security in web environments.
End of main content