{"id":10159,"date":"2018-10-01T10:32:21","date_gmt":"2018-10-01T10:32:21","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=10159"},"modified":"2020-01-07T06:58:18","modified_gmt":"2020-01-07T06:58:18","slug":"what-is-a-cms-vulnerability-scanner-and-what-is-its-need-for-security","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/what-is-a-cms-vulnerability-scanner-and-what-is-its-need-for-security\/","title":{"rendered":"What is a CMS Vulnerability Scanner and what is its Need for Security?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_a_CMS\"><\/span><strong>What is a CMS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">A CMS (Content Management System) is a platform for building and publishing web applications quickly. WordPress, Drupal, Joomla, and vBulletin are among the most widely used. All of them can be extended with plug-ins, and a large number of third-party plug-ins are available for each. 
This makes it easy to create digital content and to manage both web content and enterprise content.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_there_is_a_need_to_protect_CMS\"><\/span><strong>Why there is a need to protect CMS?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Everything comes with pros and cons, and here the cons are security loopholes. Every CMS and every plug-in is, after all, code. 
Attackers are skilled at finding the loopholes and bugs in any software system, so they regularly attack the CMS, its data, and in turn your business. Consider the points below \u2013<\/p><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Widely used content management systems are attractive targets for attackers, because one working exploit applies to a very large number of sites<\/li><li>New vulnerabilities can surface at any time<\/li><li>CMS change logs and release notes describe the vulnerabilities fixed in each version. That helps defenders, but it also tells attackers exactly what to look for on sites that have not yet updated, which is why sites that do not update automatically are exposed as soon as a fix is published.<\/li><li>Every plug-in or theme you add to your CMS site enlarges its attack surface.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_is_a_Vulnerability_Scanner\"><\/span><strong>What is a Vulnerability Scanner?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">As the name suggests, a web vulnerability scanner scans the whole CMS for weaknesses that could be exploited. It reports which kinds of attacks are possible and how they can be avoided. A <a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>web scanner<\/strong><\/a> fingerprints the target (CMS, version, plug-ins, server software) and cross-checks those details against a database of known vulnerabilities and recent attacks. Like an antivirus, it keeps that database updated so that it knows about the latest threats, and then scans the system for them before an attacker does.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Code vulnerability scanners work from a knowledge base of vulnerable code patterns collected from several third-party sources. Each file is checked for a match against those patterns. If there is a match, the scanner confirms the finding against the third-party source (for example, that the installed version really falls inside the affected range) and, if it holds, reports the issue.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Features_you_should_look_for\"><\/span><strong>Features you should look for:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A scanner like <strong>ESDS VTMScan<\/strong> has a range of features covering these needs. Consider the pointers below for a CMS scan:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Not all scanners can detect which CMS a site runs<\/li><li>ESDS VTMScan detects four main CMSs: WordPress, vBulletin, Joomla, and Drupal.<\/li><li>It scans plug-ins and themes, finds unprotected admin panels, and can enumerate users.<\/li><li>It can brute-force passwords to detect weak credentials.<\/li><li>It performs FPD (Full Path Disclosure) scanning, looking for error messages that reveal the server-side file system path.<\/li><li>The CMS is detected in subdirectories as well, not only at the web root.<\/li><\/ul>\n\n\n\n<p>On top of that, several other checks are offered.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"OWASP_Top_10\"><\/span><strong>OWASP Top 10:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">The <strong>Open Web Application Security Project (OWASP)<\/strong> community periodically publishes its Top 10 list of the most critical web application security risks, and ESDS VTMScan tests for each category on that list.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Content_Change_Monitoring\"><\/span><strong>Content Change Monitoring:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">Every change to the site\u2019s content, however small, is picked up here and reported as a percentage of change per URL. Each page is compared with an earlier snapshot of the same page to detect changes and 
then report them.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Malware_Checking\"><\/span><strong>Malware Checking:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">This checks for malware that defaces the website, changing the visual appearance of a page or of the whole site. It also covers JavaScript scanning, detection of obfuscated JavaScript, checking of third-party links, malware monitoring, and a forced-redirect injection test.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Preventing_Phishing\"><\/span><strong>Preventing Phishing:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">This verifies that no look-alike domains are impersonating yours: URL hijacking, foreign-language or common misspellings, typographical errors, and the same name registered under a different top-level domain. It also detects advanced <strong>phishing<\/strong> attacks that use Homoglyph and Punycode (IDN) domains, where characters from other scripts are chosen because they look identical to yours.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Domain_reputation_validation\"><\/span><strong>Domain reputation validation:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">Your website domain is checked against the Google, Malware Patrol, SURBL, PhishTank, and Clean-MX blocklists. It is also checked that your mail server IP is not listed in any of 58 RBL (Real-time Blackhole List) databases, which receiving mail servers use to reject or flag mail as spam.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Robust_Link_Crawling\"><\/span><strong>Robust Link Crawling:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">This feature <strong>crawls links<\/strong> from robots.txt, web pages, iframes, search engines used by attackers, and directory listings, so that pages you have forgotten about are scanned too.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Banner_Grabbing\"><\/span><strong>Banner Grabbing:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">Banner grabbing is what an attacker does first: reading software names and version numbers from open ports, HTTP headers, and service banners. To get ahead of that, the scanner performs the same port scanning, OS detection, and WAF detection against your server and reports what it leaks, so that the information can be removed before attackers use it.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"SSL_Scan\"><\/span><strong>SSL Scan:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">Here, known <strong>SSL<\/strong>\/TLS weaknesses such as POODLE, CRIME, BEAST, DROWN, and Heartbleed are checked. The domain\u2019s certificate, its security, and its validity are also checked, as is support for NULL ciphers, which provide no encryption at all.<\/p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"LFI_Local_File_Inclusion_and_RFI_Remote_File_Inclusion_detection\"><\/span><strong>LFI (Local File Inclusion) and RFI (Remote File Inclusion) detection:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><p style=\"text-align: justify;\">This validates whether any parameter that names a file can be abused to make the application include a local file it should not expose (Local File Inclusion, typically through path traversal) or to pull in and execute a file hosted on an attacker\u2019s remote server (Remote File Inclusion).<\/p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p><p style=\"text-align: justify;\">That was an overview of <a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>vulnerability scanners<\/strong><\/a> and why CMSs need to be protected.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is a CMS? A CMS (Content Management System) is a platform which helps in creating and delivering the web applications quickly. Some CMSs are very popular and those are WordPress, Drupal, Joomla, and vBulletin. Any CMS requires plug-ins and several third-party plug-ins are available for all of these CMSs. 
It becomes easy to create&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/www.esds.co.in\/blog\/what-is-a-cms-vulnerability-scanner-and-what-is-its-need-for-security\/\" class=\"gdlr-button small excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":81,"featured_media":10166,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1271],"tags":[1920,1971,1934,1957,1978,1914,1915,1916,1943,1910,1913,1964],"class_list":["post-10159","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-advantages-of-online-virus-scanners","tag-cms-scan","tag-cms-security","tag-content-change-monitoring-scan","tag-content-management-system-scan","tag-esds-vtmscan","tag-esds-vtmscan-detection-technique","tag-esds-vtmscan-virus-scanner","tag-esds-vtmscan-vulnerability-scanner","tag-features-of-esds-vtmscan","tag-malware-scanner","tag-vulnerability-scan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10159","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/81"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=10159"}],"version-history":[{"count":4,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10159\/revisions"}],"predecessor-version":[{"id":11137,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10159\/revisions\/11137"}],"wp:featuredmedia":[{"embeddable":true,"h
ref":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/10166"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=10159"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/categories?post=10159"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=10159"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
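The "What is a Vulnerability Scanner?" section above describes the two-step check a CMS scanner performs: fingerprint the target (CMS, version, plug-ins), then confirm each pattern match against a vulnerability knowledge base before reporting it. The following is an added example illustrating that check; it is not ESDS VTMScan's code. SAMPLE_HTML and KNOWLEDGE_BASE are constructed test data, and the plug-in slugs, version ranges and EXAMPLE-* notes are fictitious placeholders, not real advisories.

```python
"""Fingerprint a CMS page and match what it reveals against a vulnerability
knowledge base, the version check at the heart of a CMS scanner.

Added example, not ESDS VTMScan's code. SAMPLE_HTML and KNOWLEDGE_BASE are
constructed test data: the plug-in slugs and affected version ranges are
fictitious placeholders, not real advisories.
"""
import re

# Constructed sample response: a WordPress page whose generator tag and
# asset URLs (?ver=) leak the core version and the plug-in versions.
SAMPLE_HTML = """
<html><head>
<meta name="generator" content="WordPress 5.2.3" />
<link rel="stylesheet" href="/wp-content/plugins/example-gallery/css/style.css?ver=1.4.0">
<script src="/wp-content/plugins/example-forms/js/app.js?ver=2.0.1"></script>
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
</head><body></body></html>
"""

# Constructed (fictitious) knowledge base: component -> list of
# (first_affected, first_fixed, note). first_fixed=None means no fix yet.
KNOWLEDGE_BASE = {
    "wordpress":       [("0", "5.2.4", "EXAMPLE-CORE-1: fixed in 5.2.4")],
    "example-gallery": [("1.0.0", "1.5.0", "EXAMPLE-PLUGIN-1: fixed in 1.5.0")],
    "example-forms":   [("2.1.0", None, "EXAMPLE-PLUGIN-2: 2.1.0 and later, no fix")],
}


def parse_version(text: str) -> tuple:
    """'5.2.3' -> (5, 2, 3); tuples compare component-wise, unlike strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def fingerprint(html: str) -> dict:
    """Return {component: version} found in the generator tag and plug-in asset URLs."""
    found = {}
    m = re.search(r'<meta name="generator" content="WordPress ([\d.]+)"', html)
    if m:
        found["wordpress"] = m.group(1)
    for slug, ver in re.findall(r'/wp-content/plugins/([\w-]+)/[^"\s]*?\?ver=([\d.]+)', html):
        found[slug] = ver
    return found


def is_affected(version: str, first_affected: str, first_fixed) -> bool:
    """Confirm the match: the installed version must fall inside the affected range."""
    v = parse_version(version)
    if v < parse_version(first_affected):
        return False
    return first_fixed is None or v < parse_version(first_fixed)


def scan(html: str, kb: dict = KNOWLEDGE_BASE) -> list:
    """Pattern match (fingerprint) first, then confirm each hit against the knowledge base."""
    findings = []
    for component, version in fingerprint(html).items():
        for first_affected, first_fixed, note in kb.get(component, []):
            if is_affected(version, first_affected, first_fixed):
                findings.append((component, version, note))
    return findings


if __name__ == "__main__":
    for component, version, note in scan(SAMPLE_HTML):
        print(f"{component} {version}: {note}")
```

The confirmation step is what keeps a pattern match from becoming a false positive: example-forms is present in the knowledge base, but the installed 2.0.1 is below the affected range, so it is not reported. Note also that versions are compared as integer tuples, because a string comparison would rank 5.10 below 5.9.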
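The "Content Change Monitoring" and "Malware Checking" sections above describe comparing each page with an earlier snapshot, reporting a percentage of change per URL, and looking for injected or obfuscated JavaScript. The following is an added example, not ESDS VTMScan's code, showing how those two checks fit together: both crawl snapshots are constructed, and the SUSPICIOUS pattern list is a small illustrative set standing in for a real malware signature database.

```python
"""Content change monitoring with a defacement / script-injection heuristic.

Added example, not ESDS VTMScan's code. Both crawl snapshots and the
SUSPICIOUS pattern list are constructed for illustration; a real scanner
would back the patterns with a malware signature database.
"""
import difflib
import re

# Constructed baseline crawl: URL -> page body at the time of the snapshot.
SNAPSHOT_BEFORE = {
    "https://example.com/": "<html><body><h1>Welcome</h1><p>Our products.</p></body></html>",
    "https://example.com/about": "<html><body><h1>About us</h1><p>Founded 2010.</p></body></html>",
}

# Constructed later crawl: the home page gained an obfuscated script and a
# hidden iframe pointing at a third-party host; the about page is unchanged.
SNAPSHOT_AFTER = {
    "https://example.com/": (
        "<html><body><h1>Welcome</h1><p>Our products.</p>"
        "<script>eval(unescape('%77%69%6e%64%6f%77%2e%6c%6f%63%61%74%69%6f%6e'));</script>"
        "<iframe src='http://bad.example.net/x' width=0 height=0></iframe>"
        "</body></html>"
    ),
    "https://example.com/about": "<html><body><h1>About us</h1><p>Founded 2010.</p></body></html>",
}

# Illustrative indicators of injected / obfuscated JavaScript and hidden frames.
SUSPICIOUS = [
    (r"eval\s*\(", "eval() call"),
    (r"unescape\s*\(|String\.fromCharCode|atob\s*\(", "decoder typical of obfuscated JS"),
    (r"<iframe[^>]*(width|height)\s*=\s*['\"]?0", "hidden iframe"),
    (r"(%[0-9a-f]{2}){8,}", "long percent-encoded run"),
]


def percent_changed(old: str, new: str) -> float:
    """Share of the text that differs between two versions, 0.0 .. 100.0."""
    ratio = difflib.SequenceMatcher(None, old, new, autojunk=False).ratio()
    return round((1.0 - ratio) * 100.0, 1)


def added_text(old: str, new: str) -> str:
    """Only the material that is new in `new`; the baseline is already trusted."""
    sm = difflib.SequenceMatcher(None, old, new, autojunk=False)
    return "".join(new[j1:j2] for tag, _, _, j1, j2 in sm.get_opcodes()
                   if tag in ("insert", "replace"))


def suspicious_hits(text: str) -> list:
    """Names of the SUSPICIOUS patterns that match, sorted for stable reports."""
    return sorted(name for pattern, name in SUSPICIOUS if re.search(pattern, text, re.I))


def monitor(before: dict, after: dict) -> dict:
    """Per-URL change percentage plus indicators found in the added content."""
    report = {}
    for url, new in after.items():
        old = before.get(url, "")          # a brand-new URL counts as 100% changed
        report[url] = {
            "percent_changed": percent_changed(old, new),
            "suspicious": suspicious_hits(added_text(old, new)),
        }
    return report


if __name__ == "__main__":
    for url, result in monitor(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items():
        print(url, result)
```

Running the indicators only over the added text, rather than over the whole page, is deliberate: it keeps a legitimate, already-reviewed inline script in the baseline from being reported on every scan, while anything injected since the snapshot is inspected in full.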
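The "Preventing Phishing" section above lists the kinds of look-alike domains a scanner should flag: misspellings and typos, the same name under a different top-level domain, and Homoglyph and Punycode (IDN) impersonation. The following is an added example, not ESDS VTMScan's code, that classifies candidate domains against a brand domain on those criteria. BRAND and CANDIDATES are constructed, and CONFUSABLES is a small illustrative subset of the Unicode confusables data rather than the full table a production check would use.

```python
"""Look-alike domain detection for phishing: typosquats, TLD swaps, Punycode
(IDN) labels and homoglyphs that imitate a brand domain.

Added example, not ESDS VTMScan's code. BRAND and CANDIDATES are constructed,
and CONFUSABLES is a small illustrative subset of the Unicode confusables
data, not the full table a production check would use.
"""
import unicodedata

BRAND = "esds.co.in"

# Small illustrative homoglyph map: look-alike -> the ASCII it imitates.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0501": "d", "\u0435": "e", "\u0456": "i",
    "\u043e": "o", "\u0440": "p", "\u0455": "s",   # Cyrillic letters
    "0": "o", "1": "l", "rn": "m", "vv": "w",       # ASCII near-misses
}


def to_unicode(domain: str) -> str:
    """Decode Punycode (xn--) labels so homoglyphs become visible for comparison."""
    if domain.isascii():
        return domain.encode("ascii").decode("idna")
    return domain


def skeleton(label: str) -> str:
    """Fold a label to the ASCII it would be mistaken for (simplified 'skeleton')."""
    s = unicodedata.normalize("NFKC", label).lower()
    for glyph, ascii_ in CONFUSABLES.items():
        s = s.replace(glyph, ascii_)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small distances between labels are the typosquat signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate: str, brand: str = BRAND) -> list:
    """Reasons the candidate resembles the brand domain; [] means no resemblance."""
    uni = to_unicode(candidate.lower())
    if uni == brand:
        return []                                    # our own domain
    reasons = []
    label, _, suffix = uni.partition(".")
    brand_label, _, brand_suffix = brand.partition(".")
    if any(part.startswith("xn--") for part in candidate.lower().split(".")):
        reasons.append("punycode")
    if label != brand_label and skeleton(label) == skeleton(brand_label):
        reasons.append("homoglyph")
    if label == brand_label and suffix != brand_suffix:
        reasons.append("tld-swap")
    if label != brand_label and brand_label in label:
        reasons.append("contains-brand")
    if 0 < levenshtein(skeleton(label), brand_label) <= 2:
        reasons.append("typosquat")
    return reasons


# Constructed candidates, as they might arrive from a new-registration feed
# or certificate-transparency logs. The Punycode form is generated here so
# the example does not depend on a hand-computed xn-- string.
CANDIDATES = [
    "esds.co.in",                                      # the real domain
    "esds-support.co.in",                              # brand plus a word
    "edss.co.in",                                      # transposition typo
    "esds.com",                                        # same name, other TLD
    "\u0435sds.co.in",                                 # Cyrillic 'е' for Latin 'e'
    "\u0435sds.co.in".encode("idna").decode("ascii"),  # same, as Punycode (xn--...)
    "example.org",                                     # unrelated
]


def report(candidates=CANDIDATES, brand: str = BRAND) -> dict:
    return {c: classify(c, brand) for c in candidates}


if __name__ == "__main__":
    for domain, reasons in report().items():
        print(f"{domain:32s} {', '.join(reasons) or 'ok'}")
```

Decoding Punycode before comparing is the step that matters most: as registered, the homoglyph domain is an innocuous-looking xn-- string, and only its Unicode form reveals that it renders identically to the brand in a browser's address bar.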