Joomla! Improves Security With Acunetix Web Vulnerability Scanner

JavaScriptSearch
Thursday, October 26, 2006; 08:05 AM

Acunetix announced that Joomla!, an award-winning, open-source content management system, uses Acunetix Web Vulnerability Scanner to automatically audit its PHP-based website. Acunetix WVS scans the site for SQL injection, cross-site scripting and other vulnerabilities, thereby averting possible hacker attacks.

The need for an automated security auditing tool

The Joomla! Core Team Quality & Testing Working Group's mission is to help improve the quality, stability and security of the Joomla! Core Code, through continuous rigorous testing and quality reporting. The extensive PHP-based Joomla! Core Code was, until recently, tested manually. "Performing a manual security audit each time we released a new version would take up too many hours and resources. Manual auditing is highly complex and it means that you have to keep track of considerable volumes of code as well as the latest techniques being used by hackers. Finding an automated solution was, therefore, essential," said Mr. Muilwijk, member of the Quality and Testing Team.

Vulnerabilities discovered using Acunetix WVS

Using Acunetix Web Vulnerability Scanner, the developers at Joomla! were able to find high-risk SQL Injection vulnerabilities in no time. "The issues detected were of a major impact, if users/hackers would have found the security holes, they could have hacked an entire Joomla! site," said Mr. Muilwijk. Besides SQL Injection vulnerabilities, the software detected some low-level vulnerabilities related to the web server setup.

Fixing the bugs

"With Acunetix WVS, our developers were able to spot the vulnerabilities immediately and the issues were fixed quite easily," said Mr. Muilwijk "It was just a matter of using correct PHP standards and other practices such as input filtering. We ran the scans a few times on every new release, to ensure we did not miss any new issues after changing the core code. With Acunetix WVS we were able to improve the quality, stability and security of Joomla!"

The full case study can be viewed at: http://www.acunetix.com/vulnerability-scanner/cs_joomla.htm

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injection, Cross site scripting and other vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications. Acunetix WVS also checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.

Acunetix provides free audit to help companies determine the security of their websites