research-article

Free access

Security in dynamic web content management systems applications

Authors:

Ganesh Vaidyanathan,

Steven MautoneAuthors Info & Claims

Communications of the ACM, Volume 52, Issue 12

Pages 121 - 125

https://doi.org/10.1145/1610252.1610284

Published: 01 December 2009 Publication History

All formats PDF

Abstract

Introduction

The processes behind corporate efforts to create, manage, publish, and archive Web information has also evolved using Web Content Management Systems (WCMS). WCMS allow teams to maintain Web content in a dynamic fashion through a user friendly interface and a modular application approach. This dynamic "on-the-fly" content creation provides Web site authors several advantages including access to information stored in databases, ability to personalize Web pages according to individual user preferences, and the opportunity to deliver a much more interactive user experience than static Web pages alone.¹¹ However, there are distinct disadvantages as well. Dynamically generating Web content can significantly impact Web server performance, reduce the scalability of the Web site and create security vulnerabilities or denial of service.¹¹ Organizations are adopting information technology without understanding such security concerns.¹ Moreover, as Mostefaoui⁷ points out, even though many attempts have been made to understand the security architecture, a generic security framework is needed. Recent research amplifies the concerns and benefits of security in open source systems.² However, there is a need for organizations to understand how to evaluate these open source systems and this paper highlights how an evaluation technique in terms of security may be used in an organization to assess a short list of possible WMCS systems. This article focuses on security issues in WCMS and the objective is to understand the security issues as well as to provide a generic security framework.

The contributions of this paper are to:

1. Integrate the goals of security with eight dimensions of WCMS,

2. Specify how to secure the eight dimensions of WCMS,

3. Formulate a framework of security using this integrated view of security goals and security dimensions, and

4. Address the security of the Web architecture at WCMS software application level using the framework and evaluate security features in popular WCMS used in the industry.

References

[1]

Dhillon, G., Backhouse, J. Technical opinion: Information system security management in the new millennium. Comm. ACM 43, 7, (July 2000), 125--128.

Digital Library

Google Scholar

[2]

Hoepman, J., Jacobs, B. Increased security through open source. Comm. ACM 50, 1, (Jan. 2007), 79--83.

Digital Library

Google Scholar

[3]

Huang, Y., Yu, F., Hang, C., Tsai, C., Lee, D.T., Kuo, S. 2004. Securing Web application code static analysis and runtime protection. Proceedings of the 13^th international conference on World Wide Web, New York, NY, 40--52.

Digital Library

Google Scholar

[4]

Joshi, J.B.D., Aref, W.G., Ghafoor, A., Spafford, E.H. Security models for Web-based applications. Comm. ACM 44, 2, (Feb. 2001), 38--44.

Digital Library

Google Scholar

[5]

Karels, M.J. Features: Commercializing open source software. Queue 1,5, (2003), 46--55.

Digital Library

Google Scholar

[6]

Maconachy, W.V., Schou, C.D., Ragsdale, D., Welch, D. 2001. A model for information assurance: An integrated approach. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, (June 5--6, 2001), West Point, NY: 306--310.

Google Scholar

[7]

Mostefaoui, G.K. Security in pervasive environments, What's next? Security and Management Journal, 2003, 93--98.

Google Scholar

[8]

PHP Security Consortium. PHP Security Guide 1.0. http://phpsec.org/php-security-guide.pdf, 2005.

Google Scholar

[9]

Pfleeger, C. 1997. Security in Computing. Prentice Hall, Upper Saddle River, NJ, 1997.

Digital Library

Google Scholar

[10]

Su, Z., Wassermann, G. 2006. The essence of command injection attacks in Web applications. 33^rd ACM SIGPLAN-SIGACT symposium on Principles of Programming Languages, Charleston, SC, 2006: 372--382.

Digital Library

Google Scholar

[11]

Titchkosky, L., Arlitt, M., Williamson, C. A performance comparison of dynamic Web technologies. ACM SIGMETRICS Performance Evaluation Review 31, 3, (2003), 1--11.

Digital Library

Google Scholar

[12]

Vaughan-Nichols, S.J. XML shows promise, but don't underestimate its problems. News Forge, June 18, 2003.

Google Scholar

Cited By

View all

Giannakoulopoulos APergantis MLamprogeorgos A(2024)User Experience, Functionality and Aesthetics Evaluation in an Academic Multi-Site Web EcosystemFuture Internet10.3390/fi1603009216:3(92)Online publication date: 8-Mar-2024
https://doi.org/10.3390/fi16030092
Bhatti BMubarak SNagalingam S(2021)Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature ReviewJournal of Global Information Technology Management10.1080/1097198X.2021.199372524:4(259-298)Online publication date: 17-Dec-2021
https://doi.org/10.1080/1097198X.2021.1993725
Hong YKim Y(2016)A Study on Unified Security Mechanism and Platform for Centralized Business ContentsProceedings of the 9th International Conference on Security of Information and Networks10.1145/2947626.2951955(45-48)Online publication date: 20-Jul-2016
https://dl.acm.org/doi/10.1145/2947626.2951955
Show More Cited By

Index Terms

Security in dynamic web content management systems applications
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Security framework for web content maintenance
Web Content Management Systems: using Plone open source software to build a website for research institute needs
ICDT '06: Proceedings of the international conference on Digital Telecommunications

Information structured as web content is more and more important for an organization that needs to distribute knowledge and share information. Publishing web content is becoming a complex process that requires an adequate information system which is ...
Influence of web content management systems in web content accessibility
INTERACT'11: Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV

Web Content Management Systems (CMS) are traditionally used in institutions to allow web content management by people without technical skills. This study intends to check the influence of the CMS in the accessibility of the contents they handle. First, ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 52, Issue 12

Finding the Fun in Computer Science Education

December 2009

127 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1610252

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 2009

Published in CACM Volume 52, Issue 12

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
2,634
Total Downloads

Downloads (Last 12 months)226
Downloads (Last 6 weeks)25

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Giannakoulopoulos APergantis MLamprogeorgos A(2024)User Experience, Functionality and Aesthetics Evaluation in an Academic Multi-Site Web EcosystemFuture Internet10.3390/fi1603009216:3(92)Online publication date: 8-Mar-2024
https://doi.org/10.3390/fi16030092
Bhatti BMubarak SNagalingam S(2021)Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature ReviewJournal of Global Information Technology Management10.1080/1097198X.2021.199372524:4(259-298)Online publication date: 17-Dec-2021
https://doi.org/10.1080/1097198X.2021.1993725
Hong YKim Y(2016)A Study on Unified Security Mechanism and Platform for Centralized Business ContentsProceedings of the 9th International Conference on Security of Information and Networks10.1145/2947626.2951955(45-48)Online publication date: 20-Jul-2016
https://dl.acm.org/doi/10.1145/2947626.2951955
Lu YKuo CChou SWang RNadimi ECerny TKim SWang W(2015)A secure and efficient multicast protocol for enterprise collaboration systemsProceedings of the 2015 Conference on research in adaptive and convergent systems10.1145/2811411.2811526(302-307)Online publication date: 9-Oct-2015
https://dl.acm.org/doi/10.1145/2811411.2811526
Niederman F(2015)Ubiquitous and Ambient ComputingWiley Encyclopedia of Management10.1002/9781118785317.weom070048(1-3)Online publication date: 21-Jan-2015
https://doi.org/10.1002/9781118785317.weom070048
Niederman F(2015)Content Management SystemsWiley Encyclopedia of Management10.1002/9781118785317.weom070014(1-3)Online publication date: 21-Jan-2015
https://doi.org/10.1002/9781118785317.weom070014
Hartono EHolsapple CKim KNa KSimpson J(2014)Measuring perceived security in B2C electronic commerce website usage: A respecification and validationDecision Support Systems10.1016/j.dss.2014.02.00662(11-21)Online publication date: Jun-2014
https://doi.org/10.1016/j.dss.2014.02.006
Martínez SGarcia-Alfaro JCuppens FCuppens-Boulahia NCabot J(2013)Towards an Access-Control Metamodel for Web Content Management SystemsRevised Selected Papers of the ICWE 2013 International Workshops on Current Trends in Web Engineering - Volume 829510.1007/978-3-319-04244-2_14(148-155)Online publication date: 8-Jul-2013
https://dl.acm.org/doi/10.1007/978-3-319-04244-2_14
Hahn TKunz TSchneider MVowe S(2012)Vulnerabilities through Usability Pitfalls in Cloud ServicesProceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2012.297(850-856)Online publication date: 25-Jun-2012
https://dl.acm.org/doi/10.1109/TrustCom.2012.297
Lu YLin PYe SWang RChou S(2012)A strong authentication with key agreement scheme for web-based collaborative systems2012 International Symposium on Intelligent Signal Processing and Communications Systems10.1109/ISPACS.2012.6473508(343-348)Online publication date: Nov-2012
https://doi.org/10.1109/ISPACS.2012.6473508
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Index Terms

Recommendations

Security framework for web content maintenance

Web Content Management Systems: using Plone open source software to build a website for research institute needs

Influence of web content management systems in web content accessibility

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations