Security in Open Source Web Content Management Systems

Internet Security Security in Open Source Web Content Management Systems

Users of Web content management systems (WCMSs) lack expert knowledge of the technology itself, let alone its security issues. Complicating this, WCMS vulnerabilities are attractive targets for attackers, leaving the applications and their nonexpert users open to exploitation.

Mi c h a e l any Web applications, such as those for Among CMSs, Me i k e e-commerce or collaboration, use out- we distinguish Trusted Bytes of-the-box Web content management between those focused on the Web and the enter- systems. WCMSs let users who don’t prise. Historically, the content management concept Jo h a n n e s haveM in-depth development knowledge easily build originated from organizations’ efforts to manage Sa m e t i n g e r a customized Web site with broad functionality. For Web content.2 The enterprise content management a n d An d r e a s small- and medium-sized enterprises, open source (ECM) concept reaches beyond Web content man- Wi e s a u e r WCMSs offer an easy to use, low-cost alternative to agement, however, addressing management of “the Johannes commercial software. However, these systems raise convergence of all front-end applications and devices Kepler significant security issues. with back-end document/file management systems University Security is critical to any Internet-connected in- and databases.”2 ECM involves not only technical formation system; vulnerabilities can create serious systems, but also “the strategies, tools, processes and consequences for system users and operators, includ- skills an organization needs to manage its informa- ing stolen credit-card data or customer information. tion assets over their lifecycle.”3 Because of their wide usage, open source WCMSs In contrast, according to current understanding, are a desirable target for attackers. Once mali- a WCMS supports creating and publishing content cious users discover a vulnerability in a particular structured in Web formats, such as HTML, XHTML, WCMS, they can carry out attacks on many—if not XML, and PDF. A WCMS also lets users review, ap- all—of the applications built with it. Open source prove, and archive content, and (sometimes) offers WCMS developers are aware of this and have estab- version control.4 Using such functions, users can lished security teams, Internet forums, and security implement an editorial process that comprises several tips for users. Still, the security of such systems re- roles with varying privileges, including authors, remains unclear. To shed light on it, we’ve selected viewers, and consumers. two popular open source WCMSs based on PHP: An organization might, for example, use a WCMS Hypertext-Preprocessor (PHP) and analyzed them to build corporate Web sites, online shops, or com- for well-known vulnerabilities. munity portals. The major advantage of a WCMS is that it lets site creators modify content without having Web Content to edit code or possess other specialized knowledge. Management Systems Organizations typically store the content in databases Heidi Collins defines content management as main- and publish, modify, and remove it using graphical taining, organizing, and searching across information user interfaces. sources, both structured (databases) and unstruc- A WCMS can be divided by front- and back-end tured (documents, emails, video files, and so on).1 functionality. The front end presents available content

to consumers, who typically don’t have permission to user data by placing manipulated input forms on change or edit the content. However, front-end users pages managed by a WCMS. They can also exploit are sometimes granted special permissions, such as to WCMS vulnerabilities to lure users to replicated submit comments on articles. Web sites that mimic an official site, such as a bank, Publishing and editing is done via the application’s and gather data accordingly. back end, which is the workplace for authors and re- • Code execution. Attackers can exploit WCMS vul- viewers. Authors typically enter their content using a nerabilities to load files or programs containing de- rich text editor, which creates HTML, XHTML, or fective code onto a Web server. They can do this by XML markup. They render this markup by applying using even simple graphic files. The WCMS must style sheets—such as CSS or XSL—which authors can carefully verify inputs because such an attack can adapt to suit their design needs. harm not only the WCMS itself, but also other applications on the same server. WCMS Security • Spam. Here, Web crawlers scan the Internet for valid In software systems, security vulnerabilities are de- email addresses and send spam accordingly. Attack- fects at either the design or implementation level. ers can also use an application vulnerability to send Gary McGraw defines a bug as an implementation- spam through the application’s server, turning it into level software problem and a flaw as a problem that’s a spam relay server. “certainly instantiated in software code, but is also present on the design level.”5 Examples of flaws in- As these examples show—and Michael Howard clude error-handling problems and broken or illogi- and David LeBlanc note—Web applications in gen- cal access control. Bugs and flaws create risks, which eral, and WCMSs in particular, operate in a hostile are the probability that a flaw or a bug will impact environment.9 the software’s purpose: risk = probability × impact.5 Software defects might exist for a long time before at- Attacks and Countermeasures tackers actually exploit them. Attackers use various attack patterns, which are blue- Networking applications—especially those ex- prints for creating a particular type of attack. Each posed to the Internet—are much more vulnerable to attack consists of several phases of discovery and ex- threats than conventional stand-alone desktop applica- ploitation; the pattern generalizes the steps so that tions as many more users can access them, and access other malicious users can successfully attack the appli- is much harder to control. Often, attacks over the In- cation. Attack patterns can include many dimensions, ternet are almost fully automated, and many tools let such as timing, resources required, and techniques.10 people with even minor technical knowledge (known Because of a WCMS’s wide application area, the as “script kiddies”) exploit vulnerabilities. possible harm due to attacks is manifold. If a WCMS is used as an e-commerce site, attackers might obtain Key Vulnerabilities confidential customer data, such as credit-card infor- As a Web application, a WCMS is an attractive target mation. If the site’s owner had failed to properly se- for attackers and a major source of security vulner- cure the WCMS, an attack disclosure could lead to abilities.6 Threats affect one or more security aspects. claims for damages, as well as a general loss of cus- According to several experts,7,8 Web application tomer confidence. threats include In other cases, attackers might gather user information, such as addresses and profiles, and sell the infor- • Data manipulation. This type of attack violates data mation to the site’s competitors. A WCMS can also be integrity, and the resulting data loss or perversion sabotaged and rendered inaccessible. This could, for can have serious consequences. Common attack example, lead to a decline in sales. techniques here include parameter manipulation On corporate WCMS Web sites, attackers might and SQL injection. utilize security leaks to upload malicious code and • Accessing confidential data. Here, attackers access off- harm a company’s IT infrastructure. Attackers might the-record data using techniques such as structured also alter the company’s Web site content by, for ex- Query Language (SQL) injection and cross-site ample, adding dubious and suspect content to tarnish scripting (XSS). the company’s reputation. • Phishing. This attack gathers confidential data—such To be considered secure, a Web application must as bank account information, social security num- ensure bers, or passwords—by contacting users under false pretences via email and luring them to Web sites • authentication, by verifying that entities or people where they’re encouraged to enter personal data. are who they pretend to be; For example, attackers might use XSS to gather • confidentiality, by hiding information from unau-

www.computer.org/security 45 Internet Security

such estimates. Additionally, UK Linux World named Webman Joomla the Best Linux/Open Source Project in 2006 MMBase (www.joomla.org/announcements/general-news/ Java 2165-joomla-wins-again-at-uk-linuxworld.html). OpenCMS That same year, Joomla also won Packt Publishing’s Drupal WebGUI Open Source CMS Award, and Drupal took second Mambo Typo3 MySQL place (see www.packtpub.com/article/open-source Mason PHP HTML Perl CSS -content-management-system-award-winner Joomla XML Metadot Portal-Server -announced). PHPNuke Joomla and Drupal have many similarities. They both use LAMP—that is, Linux, Apache, MySQL, Python Plone ZMS and PHP. They both also use XML files to store configuration parameters and CSS for design and layout, and have similar functionality. Nonetheless, Joomla and Drupal have key differences that make them in- Figure 1. Open source Web content management systems and related teresting from a security-comparison perspective, in- technologies. All systems, regardless of implementation, use Web cluding different architectures and implementations. standards, such as HTML and CSS, and relational databases. Joomla Joomla is a derivative of Mambo, a popular PHP- thorized people; based WCMS, and has been used to build roughly 5 • integrity, by preventing unauthorized people from million Web sites worldwide. The system emphasizes modifying, withholding, and deleting information; ease of use, so even nontechnical users can create, edit, and and maintain content. Joomla also offers many out-of- • availability, by performing operations according to the-box Web site components, including forums and their purpose over time.11 chat components, calendars, and blogging software. Joomla is easily customized for special needs and is To achieve these goals, application developers in use on everything from private and small business can use several mechanisms, including sophisticated Web sites to corporate portals. authentication, user access control, and mechanisms Joomla developers are organized in a core team that’s that determine when to maintain data confidentiality, responsible for overall project management, and sev- such as when not to show credit-card numbers when eral working groups that handle particular issues, such verifying a person’s financial state. as development, documentation, or translation. Joomla developers estimate that there are more than 140,000 Security Analysis: active registered users on the Official Joomla commu- Open Source WCMS nity forum (http://demo.joomla.org/1.5/more-about As the sidebar, “Open vs. Closed Source Security” -joomla/30-the-community/21-joomla-facts.html). notes, an open source system’s primary attractions The Joomla forum comprises a security section in give rise to its vulnerabilities: its low cost and source which users discuss security issues and submit possible code availability make it readily accessible to attackers vulnerabilities (http://forum.joomla.org/viewforum. seeking to locate and exploit application weaknesses. php?f=432). This section also contains guidelines, tu- Still, open source WCMSs are widely available and torials, and hints for increasing security and mitigat- widely used. ing risks. Security issues are categorized according to Figure 1 shows an overview of technologies and level (low, medium, or high) and are fixed in minor corresponding WCMSs. Most systems are developed releases or by patches. in PHP, Java, Perl, or Python. As the ellipses indicate, all systems—independent of their implementation— Drupal use Web standards such as HTML, XML, and CSS Dutch students developed Drupal in what was origi- and relational databases such as MySQL. nally an effort to implement a collaboration platform. It’s difficult to determine the exact number of sites Today, Drupal is used for numerous private and uni- powered by a specific WCMS. Various sources try to versity Web sites, as well as for collaboration portals estimate such numbers using different metrics.12 For and e-commerce sites. DrupalSites.net, for example, our case study, we chose Joomla (www.joomla.org) lists several thousand Web sites powered by Drupal and Drupal (www.drupal.org)—two open source (www.drupalsites.net). Like Joomla, Drupal offers systems that create complex Web content. These are many additional modules, including newsletters and among the most widely used systems according to podcasting components.

46 IEEE SECURITY & PRIVACY Internet Security

Drupal developers have their own security team (http://drupal.org/security-team) that’s responsible Open vs. Closed Source Security for accepting and evaluating security-related warnings, searching for vulnerabilities in the core applica- pen source software’s main advantage is its low cost—it’s freely tion, and supporting module developers in fulfilling O available and requires no licensing fees. In addition, because of the security requirements.13 In recognition of security’s source code availability, users can tailor open source software to their importance, the Drupal Web site has a dedicated sec- specific needs. However, potential attackers can also use the source code tion to inform users about current vulnerabilities and to identify vulnerabilities. appropriate patches. Experts have differing opinions as to whether open source applications are more prone to security failures than commercial products; they also Analysis Overview disagree on the overall quality of open source versus commercially devel- For our analysis, we used Drupal 5.2 and Joomla 1.0.13. oped applications.1 Some experts argue that open source developers are As of this writing, newer versions of both systems are less trained and therefore produce more failures and weaker designs than available. However, our goal hasn’t been to list a specif- their commercial counterparts. Others assert that open source’s “many ic version’s vulnerabilities, but rather to give a sense of eyeballs phenomenon”2—that is, that a whole community is involved the systems’ security status and whether users can trust in programming, testing, using, and offering feedback on open source this security without further ado. Hopefully, both or- applications—leads to quicker discovery and repair of failures. ganizations will constantly release newer versions that Obviously, closed source software also suffers from security vulner- fix known security problems. Indeed, updates to both abilities. As John Viega and Gary McGraw noted, it’s “a false belief that applications fix some of the vulnerabilities we now de- code compiled into binaries remains secret just because the source is not scribe, further confirming our analysis results. How- published.” That is, when code is running, hackers have various methods ever, new versions can also introduce new problems, for examining it—“security by obscurity” isn’t as effective as many and attackers might find additional security holes. people think.2 We carried out our security analysis in several steps. First, we installed both systems and evaluated how References different configuration settings—such as deactivating 1. G. Lawton, “Open Source Security: Opportunity or Oxymoron?” Computer, vol. the PHP safe_mode setting—might influence secu- 35, no. 3, 2002, pp. 18–21. rity issues. Second, we performed simple penetration 2. J. Viega and G. McGraw, Building Secure Software: How to Avoid Security Problems tests by sending various malicious input. We were aid- the Right Way, Addison-Wesley, 2002. ed here by several simple tools—including WebScarab (www.owasp.org/index.php/OWASP_WebScarab _Project) and TamperData (http://tamperdata. munity activities, including security forums, FAQs, mozdev.org)—that let us perform simple security tests and checklists. by manipulating parameters sent to Web servers, such Finally, although it’s possible to assess WCMS se- as modifying data in HTTP request headers. As we curity using special penetration testing tools, we re- describe later, we sent simple requests that could lead frained from using commercial tools. However, we to XSS or SQL injection. might consider using license-free tools—such as those In our third step, we inspected the source code for source code analysis—in future evaluations. files of both Joomla and Drupal for additional problem areas. Both systems had almost 2,000 source files, Analysis Results which we searched for security-related strings. For We evaluated the two systems according to specific example, $_SERVER indicates an access to the Web security categories and criteria. Table 1 offers a sum- server’s global variables, which might contain input mary of the results. from the Web client. The variables might also include hazardous input from malicious users. So, for our Community analysis, we simply reviewed the code to see whether On the Internet, change happens quickly; knowledge the developers had taken appropriate measures before about vulnerabilities also spreads quickly. It’s thus they used the variables’ content. We also used the necessary to rapidly respond to vulnerabilities and source files to understand and evaluate the systems’ provide patches to prohibit their exploitation once general security mechanisms, such as authentication they’re publicly known. Development communities or user session management. must be dedicated to providing both a secure system In step 4, we used the knowledge gained in step and information for their users on how to further en- 3 to send additional and more focused malicious re- sure system security. Communities should also define quests. Finally, we evaluated community support for processes for reporting vulnerabilities and tracking security issues by simply browsing the Joomla and their status. Drupal Web sites and by checking for specific com- Both the Joomla and Drupal communities are

www.computer.org/security 47 Internet Security

Table 1. Security analysis results. quality. Drupal has a separate security team. Both systems provide new versions periodically and urge Joomla Drupal their users to update to the current version. This is Community important as attackers can use a system’s version his- Security patches ● ● tory to find information about eliminated vulner- Vulnerability reporting ● ● abilities and then search the Web for older versions Hints on countermeasures ● ● to exploit. Installation • Vulnerability reporting. Users can report vulnerabilities Security hints ● ❍ on both systems’ Web sites. Joomla security issues are Security settings ❍ ❍ discussed at the official forum, whereas Drupal pro- Parameter manipulation vides a section with detailed security announcements HTTP header data ❍ ❍ and information on how to fix issues quickly. Super global arrays ● ● • Tips on countermeasures. Joomla users discuss counter- Cookies ● ● measures at their forum, whereas Drupal team mem- Remote Command Execution ● ● bers publish information in the site’s security section. Forms ◗ ❍ Cross-site scripting (XSS) Both systems’ communities pay adequate attention to APIs against XSS ● ● security aspects, systematically tracking vulnerabili- XSS via URL parameter ● ● ties and providing patches with security fixes. XSS via search fields ● ● XSS in other forms ● ● Installation XSS in back end ● ● Because many WCMS users are nonexperts, it’s im- SQL injection portant that the installation process be as automated Any countermeasures ● ● as possible. WCMSs have many configuration settings User administration that might open or close specific vulnerabilities; if us- Login: XSS or SQL injection ● ● ers choose the default settings, the system should be Secure passwords ❍ ◗ secure: Sessions at the server ❍ ◗ Sessions at the client ● ● • Security hints. Joomla provides a pre-installation Session hijacking ◗ ❍ check and warns users of suboptimal security set- Access to functions ◗ ● tings. Drupal has a simpler installation process that Spam doesn’t provide security issue hints. Contact forms ● ◗ • Security settings. Once installation is complete, nei- Spam relays ● ● ther system offers sufficient support for modifying Email addresses ● ❍ the security settings. However, the settings’ prima- Malicious file upload ry focus is to guarantee a trouble-free collaboration Checking file endings ● ● with third-party modules. Checking file contents ❍ ❍ Elevation of privilege It’s important that users are alerted to security issues Privileged users ❍ ◗ during installation and that they can easily modify Administrators ❍ ❍ security settings thereafter. Here, both systems have Optional modules ample space for improvements. Warnings ● ● Security measures in core ❍ ❍ Parameter Manipulation ●: Security requirement fulfilled Parameter manipulation includes the ability to alter ◗: Security requirement partially fulfilled; potential security risk super global variables, cookie poisoning, remote com- ❍: Security requirement isn’t fulfilled; definite security risk mand execution, and Web form data manipulation as follows:

dedicated to fulfilling these security requirements • HTTP header data. If an Internet application doesn’t as follows: check for valid HTTP header data, manipulated data can result in multiple answers to a single re- • Security patches. Joomla provides specific security quest. Thus, a proxy or cache server might send ma- Web pages and newsgroups. Development team nipulated answers to clients. members occasionally reorganize the Joomla struc- • Super global variables. In PHP applications, super ture and engage new teams to improve system global variables contain information set by the Web

48 IEEE SECURITY & PRIVACY Internet Security

server or otherwise directly related to the execu- to unwanted data disclosure and manipulation. The tion environment. Attackers can manipulate these Boolean expression OR ‘1’=‘1’ always yields true and variables to carry out SQL injection or XSS. There- will therefore successfully execute the SQL statement fore, the system must check these variables before independent of the other parameters. As an example, if processing them. a user enters John Doe as his name, the following SQL • Cookie poisoning. Cookies typically store user-related statement will deliver information about him: data—such as shopping cart items—on a user’s local computer. However, attackers can poison cookies SELECT * FROM users WHERE name by altering their contents during transmission to the = ‘John Doe’; server. Therefore, a WCMS must not blindly trust cookie data. If a malicious user alters the name and enters John • Remote command execution. Attackers can execute re- Doe’ OR ‘1’=’1 instead, the following SQL query mote commands on the WCMS by including mali- will be used: cious PHP scripts stored on the computers they’re operating. To achieve this, attackers must manipulate SELECT * FROM users WHERE name parameters such that the PHP operations are called = ‘John Doe’ OR ‘1’=‘1’; with the malicious script’s URL. Thus, the system must check parameters if their content can lead to This statement will provide information about all users. the execution of operations such as include() or Both Joomla and Drupal perform checks to prevent require(). SQL injection. Drupal offers a functiondb_query() • Web form data. Web forms contain various ways of that can and should be called before sending SQL que- transferring data from the user to a server. It’s rather ries. Joomla uses PHP’s mysql_escape_string() easy to manipulate this data and send dangerous function, which masks all kinds of special characters. contents to a server. Authentication Although Joomla and Drupal are quite prepared for When using a secure system, users first encounter the parameter manipulation, they’re not without deficien- login mechanism, which is sometimes vulnerable to cies: neither system sufficiently filters HTTP headers XSS or SQL injection. Insecure passwords can also and Web form data. Drupal, for example, stores all grant access to unauthorized users. Also, session hi- transmitted data unfiltered in an underlying database jacking can occur if the system uses insecure connec- table. Consequently, the security system checks only tions to transfer authorization data. Last but not least, the database query results. systems must make authorization checks not only during login but also when users access specific func- Cross-Site Scripting tions; a regular user, for example, shouldn’t be allowed Attackers can manipulate Web servers’ input data to to call administration functions. contain script code, such as JavaScript. If the server On the client side, both Joomla and Drupal proper- sends this input to other clients without appropriate ly secure the login mechanism and session data. How- checks, the client side executes the script code. Thus, ever, both also contain weaknesses related to password XSS isn’t dangerous to the server itself, but to its cli- security and unauthorized access to functions. ents. Take, for example, the input . Spam If attackers input this text with HTML escape codes or Some attackers employ tools that use email forms to encode it in hexadecimal numbers, servers would find send messages to third parties, with the server acting it much more difficult to recognize. Both Joomla and as a spam relay. One way to reduce spam is to use a Drupal seem adequately prepared to prevent XSS. Captcha, an acronym for a completely automated public Turing test to tell computers and humans SQL Injection apart. Also, systems shouldn’t present email addresses SQL injection reads or alters database contents through in a form readable by automated tools—such as spam- user input, which must be checked for SQL commands bots—which can use them as spam targets. to avoid danger. Typically, attackers use Web form in- Joomla addresses all aspects of spam; Drupal has put to create database queries in SQL. Malicious us- yet to make a full effort and publishes email ad- ers might input parts of SQL commands and thus alter dresses plainly. the meaning of the WCMS’s SQL commands. For example, a malicious user might append OR ‘1’=‘1’ Malicious File Upload in a Web form field. If the WCMS uses this input to Copying files to a Web server is inherently dangerous create a SELECT or DELETE statement, it could lead because attackers can camouflage file contents; a file

www.computer.org/security 49 Internet Security

Optional Modules SQL injection Although they increase functionality, optional mod- Database ules can also compromise the entire system’s security. It’s therefore important both to warn users about po- Parameter manipulation Elevation of privilege tentially insecure modules and to provide core system mechanisms that prevent additional modules from compromising security. Spam relay Malicious le upload Both Joomla and Drupal offer warnings that should Web server keep users from adding questionable modules. Authentication bypass (WCMS) Session hijacking Results Summary Cross-site Figure 2 summarizes possible WCMS attacks, which scripting might be directed at a target object, such as third-party users in a spam attack, or at the database, where SQL Spam injection might lead to confidential data disclosure. Internet User Table 1 summarizes our security analysis results. Although Joomla and Drupal provide extensive security mechanisms, there’s ample opportunity for inex- perienced and experienced users to open the doors for Malicious user malicious code. Both systems are supported by security-aware communities, and we expect their security Figure 2. Potential Web content management systems attacks. Attacks levels to increase in the future. Still, we can’t recom- might be aimed at a target object, such as a third-party user, or at the mend unwary use of these systems. database, as in the case of SQL injection.

lthough eliminating the vulnerabilities in Joomla name ending with “.jpg” doesn’t necessarily contain A and Drupal isn’t difficult given some expert an image. Systems must check any contents trans- knowledge, the systems are targeted to a nonexpert ferred to a server. audience. Consequently, many systems out there have Both Joomla and Drupal lack sufficient mecha- vulnerabilities that attackers can easily exploit. Such nisms to prevent malicious content upload. For ex- systems might not (yet) be attractive enough to actu- ample, in both systems, attackers can upload malicious ally attract attacks. However, it’s our task to both be data hidden as a file because both systems validate file ahead of attackers in securing high-risk applications type, but not content, and would thus simply treat a and also to provide basic security for small- and medi- “.jpg” file as an image. um-sized companies. Given this, can we recommend using WCMSs like Joomla or Drupal? And what can Privilege Elevation nontechnical users do to minimize threats if they do? The more privileged a user, the more severe the attack Using these systems is a viable option, but users he or she can perform. This is because highly privi- must take precautions. Above all, nontechnical users leged users can access system parts that let them trans- should always use the latest available version. Techni- fer various content types—such as text strings—that cally skilled users can stick to older versions, but they can hide malicious code. They can use HTML code, must be familiar with their version’s security status and such as a simple image tag, to transmit JavaScript. regularly visit the WCMS’s Web site for vulnerability Thus, if someone fraudulently obtains access to a less and countermeasure updates. Also, when installing a privileged user account, it can be a first step toward WCMS, users should carefully set configuration set- intruding to a more highly privileged account. tings with security in mind, and nontechnical users Joomla provides a TinyMCE editor that validates should follow the community’s recommendations. user input on the client computer. It’s therefore easy The same precautions hold when installing optional for attackers to bypass the check and transmit any kind modules, which might themselves contain vulner- of script code to the server to launch attacks such as abilities. Finally, when deciding on which WCMS to XSS. Because Drupal filters all textual contents before use, we recommend that each community’s security they’re sent to the client, it makes it more difficult for efforts be a key criterion. attackers to violate data integrity. However, Drupal lets attackers upload PHP code that’s interpreted on References the server without further checks in case an adminis- 1. H. Collins, Enterprise Knowledge Portals: Next Generation trator carelessly changes some configuration settings. Portal Solutions for Dynamic Information Access, Better Deci-

50 IEEE SECURITY & PRIVACY Internet Security

sion Making, and Maximum Results,” Am. Management 11. E. Jonsson, “Towards an Integrated Conceptual Model Assoc., 2003. of Security and Dependability,” Proc. 1st Int’l Conf. on 2. T. Päivärinta and B.E. Munkvold, “Enterprise Content Availability, Reliability and Security (ARES 06), IEEE CS Management: An Integrated Perspective on Informa- Press, 2006, pp. 646–653. tion Management,” Proc. 38th Hawaii Int’l Conf. on Sys- 12. Compass Design, How Many Websites Use Joomla: 30 tem Sciences, IEEE CS Press, 2005, p. 96. million? www.compassdesigns.net/joomla-blog/How 3. H.A. Smith and J.D. McKeen, “Developments in Prac- -Many-Websites-Use-Joomla-30-million-.html. tice VIII: Enterprise Content Management,” Comm. 13. Drupal Assoc., Writing Secure Code, 2006; http://drupal. Assoc. of Information Systems, vol. 11, no. 33, 2003, pp. org/writing-secure-code. 647–659. 4. P. Hallikainen, H. Kivijärvi, and K. Nurmimäki, Michael Meike is founder and CEO of Trusted Bytes, a Web “Evaluating Strategic IT Investments: An Assessment programming services company. He also developed Micro- of Investment Alternatives for a Web Content Manage- Balance, a successful private and freely available cash-basis ment System,” Proc. 35th Hawaii Int’l Conf. on System accounting software. Meike has a master’s degree in business- Sciences, IEEE CS Press, 2002, pp. 238–248. oriented computer science from Johannes Kepler University, 5. G. McGraw, Software Security: Building Security In, Lintz, Austria. Contact him at [email protected]. Addison- Wesley, 2006. 6. Symantec Internet Security Threat Report, Trends for Johannes Sametinger is a professor in the department of July-December 07, Volume XIII, Apr. 2008, http://eval. business informatics at Johannes Kepler University, Lintz, Aus- symantec.com/mktginfo/enterprise/white_papers/ tria, where his research interests include software engineering, b-whitepaper_internet_security_threat_report_xiii with an emphasis on software security. Sametinger has a Dr. _04-2008.en-us.pdf. techn. in computer science from Johannes Kepler University. 7. R. Newman, “Cybercrime, Identify Theft, and Fraud: He is a longtime member of the IEEE and the ACM. Contact Practicing Safe Internet—Network Security Threats him at [email protected]. and Vulnerabilities,” Proc. 3rd Conf. on Information Security Curriculum Development, ACM Press, 2006, pp. 68–77. Andreas Wiesauer has a teaching and research position in the 8. A. Tanenbaum and M. van Steen, Distributed Systems— department of business informatics at Johannes Kepler Univer- Principles and Paradigms, Prentice Hall, 2002. sity, Lintz, Austria, where he is working on his doctoral degree in 9. M. Howard and D. LeBlanc, Writing Secure Code, Mi- software security. His other research interests include software crosoft Press, 2001. architecture and software design. Wiesauer has a master’s de- 10. G. Hoglund and G. McGraw, Exploiting Software: How gree in business-oriented computer science from Johannes Ke- to Break Code, Addison-Wesley, 2004. pler University. Contact him at [email protected].

EnginEEring and applying thE intErnEt

IEEE Internet Computing magazine reports on emerging tools, technologies, and applications implemented through the Internet to support a worldwide computing environment.

Upcoming issUEs:

Cloud Computing Unwanted Traffic Social Computing in the Blogosphere Rich Internet Applications