
Security in dynamic web content management systems applications

Published: 01 December 2009

Abstract

Introduction
The processes behind corporate efforts to create, manage, publish, and archive Web information have evolved around Web Content Management Systems (WCMS). A WCMS lets teams maintain Web content dynamically through a user-friendly interface and a modular application approach. This dynamic, "on-the-fly" content generation gives Web site authors several advantages: access to information stored in databases, the ability to personalize pages according to individual user preferences, and the opportunity to deliver a far more interactive experience than static pages alone [11]. There are distinct disadvantages as well. Dynamically generating content can significantly degrade Web server performance, reduce the scalability of the site, and introduce security vulnerabilities or denial-of-service exposure [11]. Organizations are adopting such technology without understanding these security concerns [1]. Moreover, as Mostefaoui [7] points out, although many attempts have been made to understand the security architecture, a generic security framework is still needed. Recent research has highlighted both the concerns and the benefits of security in open source systems [2]. Organizations therefore need a way to evaluate these open source systems, and this paper shows how a security-oriented evaluation technique can be used within an organization to assess a short list of candidate WCMS. The article focuses on security issues in WCMS; its objectives are to understand those issues and to provide a generic security framework.
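One way to see why "on-the-fly" generation from a database creates the vulnerabilities the paragraph mentions is to look at the two points where request data meets the page: the query and the rendered HTML. The following is an added example written for this page, not code from the article or from any WCMS. It uses a constructed SQLite users table, hypothetical function names, and two payloads chosen for the demonstration to contrast a string-built personalization lookup with a parameterized, escaped one.

```python
import html
import sqlite3

# Constructed sample data for this example: a tiny WCMS user-preference table.
SAMPLE_USERS = [
    ("alice", "dark", "alice@example.com"),
    ("bob", "light", "bob@example.com"),
]


def setup_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, theme TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_prefs_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Personalization lookup built by string interpolation.

    The request parameter is spliced into the SQL text, so a value containing
    quotes changes the structure of the query rather than just its data.
    """
    sql = f"SELECT username, theme, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_prefs_hardened(conn: sqlite3.Connection, username: str) -> list:
    """Same lookup with a bound parameter: the value can never alter the query."""
    sql = "SELECT username, theme, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def render_page_vulnerable(conn: sqlite3.Connection, username: str) -> str:
    """Dynamic page: injectable lookup plus unescaped echo of the request value."""
    rows = lookup_prefs_vulnerable(conn, username)
    if not rows:
        return f"<html><body><p>No profile for {username}</p></body></html>"
    body = "".join(f"<p>Welcome {u} (theme: {t}, contact: {e})</p>" for u, t, e in rows)
    return f"<html><body>{body}</body></html>"


def render_page_hardened(conn: sqlite3.Connection, username: str) -> str:
    """Dynamic page: parameterized lookup plus HTML-escaped output."""
    rows = lookup_prefs_hardened(conn, username)
    if not rows:
        return f"<html><body><p>No profile for {html.escape(username)}</p></body></html>"
    body = "".join(
        f"<p>Welcome {html.escape(u)} (theme: {html.escape(t)}, contact: {html.escape(e)})</p>"
        for u, t, e in rows
    )
    return f"<html><body>{body}</body></html>"


# Payloads chosen for the demonstration (hypothetical attacker input).
SQLI_PAYLOAD = "' OR '1'='1"                              # turns the WHERE clause into a tautology
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"   # reflected into the page body


def demo() -> dict:
    """Run both payloads through both implementations and report what each leaks."""
    conn = setup_db()
    return {
        "vuln_rows_for_sqli": len(lookup_prefs_vulnerable(conn, SQLI_PAYLOAD)),
        "hard_rows_for_sqli": len(lookup_prefs_hardened(conn, SQLI_PAYLOAD)),
        "vuln_page_has_script": "<script>" in render_page_vulnerable(conn, XSS_PAYLOAD),
        "hard_page_has_script": "<script>" in render_page_hardened(conn, XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print the four results: the string-built query returns every user's row for the tautology payload (leaking the other user's e-mail address), while the bound parameter treats the same string as a literal username and finds nothing. The same separation of data from structure applies to the HTML: the escaped page carries the second payload as text rather than as a script element.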
The contributions of this paper are to:
1. Integrate the goals of security with eight dimensions of WCMS,
2. Specify how to secure the eight dimensions of WCMS,
3. Formulate a framework of security using this integrated view of security goals and security dimensions, and
4. Address the security of the Web architecture at WCMS software application level using the framework and evaluate security features in popular WCMS used in the industry.

References

[1] Dhillon, G., Backhouse, J. Technical opinion: Information system security management in the new millennium. Comm. ACM 43, 7 (July 2000), 125--128.
[2] Hoepman, J., Jacobs, B. Increased security through open source. Comm. ACM 50, 1 (Jan. 2007), 79--83.
[3] Huang, Y., Yu, F., Hang, C., Tsai, C., Lee, D.T., Kuo, S. Securing Web application code by static analysis and runtime protection. Proceedings of the 13th International Conference on World Wide Web (New York, NY, 2004), 40--52.
[4] Joshi, J.B.D., Aref, W.G., Ghafoor, A., Spafford, E.H. Security models for Web-based applications. Comm. ACM 44, 2 (Feb. 2001), 38--44.
[5] Karels, M.J. Commercializing open source software. ACM Queue 1, 5 (2003), 46--55.
[6] Maconachy, W.V., Schou, C.D., Ragsdale, D., Welch, D. A model for information assurance: An integrated approach. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security (West Point, NY, June 5--6, 2001), 306--310.
[7] Mostefaoui, G.K. Security in pervasive environments, what's next? Security and Management Journal (2003), 93--98.
[8] PHP Security Consortium. PHP Security Guide 1.0, 2005; http://phpsec.org/php-security-guide.pdf.
[9] Pfleeger, C. Security in Computing. Prentice Hall, Upper Saddle River, NJ, 1997.
[10] Su, Z., Wassermann, G. The essence of command injection attacks in Web applications. Proceedings of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Charleston, SC, 2006), 372--382.
[11] Titchkosky, L., Arlitt, M., Williamson, C. A performance comparison of dynamic Web technologies. ACM SIGMETRICS Performance Evaluation Review 31, 3 (2003), 1--11.
[12] Vaughan-Nichols, S.J. XML shows promise, but don't underestimate its problems. NewsForge, June 18, 2003.



Published In

Communications of the ACM, Volume 52, Issue 12: Finding the Fun in Computer Science Education
December 2009, 127 pages
ISSN: 0001-0782
EISSN: 1557-7317
DOI: 10.1145/1610252
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher

Association for Computing Machinery, New York, NY, United States


Qualifiers

  • Research-article
  • Popular
  • Refereed


Article Metrics

  • Downloads (last 12 months): 226
  • Downloads (last 6 weeks): 25
Reflects downloads up to 28 Feb 2025

Cited By

  • (2024) User Experience, Functionality and Aesthetics Evaluation in an Academic Multi-Site Web Ecosystem. Future Internet 16, 3 (2024), 92. DOI: 10.3390/fi16030092. Published 8 Mar 2024.
  • (2021) Information Security Risk Management in IT Outsourcing – A Quarter-century Systematic Literature Review. Journal of Global Information Technology Management 24, 4 (2021), 259--298. DOI: 10.1080/1097198X.2021.1993725. Published 17 Dec 2021.
  • (2016) A Study on Unified Security Mechanism and Platform for Centralized Business Contents. Proceedings of the 9th International Conference on Security of Information and Networks, 45--48. DOI: 10.1145/2947626.2951955. Published 20 Jul 2016.
  • (2015) A secure and efficient multicast protocol for enterprise collaboration systems. Proceedings of the 2015 Conference on Research in Adaptive and Convergent Systems, 302--307. DOI: 10.1145/2811411.2811526. Published 9 Oct 2015.
  • (2015) Ubiquitous and Ambient Computing. Wiley Encyclopedia of Management, 1--3. DOI: 10.1002/9781118785317.weom070048. Published 21 Jan 2015.
  • (2015) Content Management Systems. Wiley Encyclopedia of Management, 1--3. DOI: 10.1002/9781118785317.weom070014. Published 21 Jan 2015.
  • (2014) Measuring perceived security in B2C electronic commerce website usage: A respecification and validation. Decision Support Systems 62 (June 2014), 11--21. DOI: 10.1016/j.dss.2014.02.006.
  • (2013) Towards an Access-Control Metamodel for Web Content Management Systems. Revised Selected Papers of the ICWE 2013 International Workshops on Current Trends in Web Engineering, Volume 8295, 148--155. DOI: 10.1007/978-3-319-04244-2_14. Published 8 Jul 2013.
  • (2012) Vulnerabilities through Usability Pitfalls in Cloud Services. Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, 850--856. DOI: 10.1109/TrustCom.2012.297. Published 25 Jun 2012.
  • (2012) A strong authentication with key agreement scheme for web-based collaborative systems. 2012 International Symposium on Intelligent Signal Processing and Communications Systems, 343--348. DOI: 10.1109/ISPACS.2012.6473508. Published Nov 2012.
