Security scanning a cms based site

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Sysman replied

4 August 2009, 15:10
Originally posted by grey_lady View Post

I do realise that it would have to be with the agreement of the service company and at a quiet time.

Whatever you do, before you run anything get permission to do so from all parties concerned in writing.
Leave a comment:
Advocate replied

3 August 2009, 22:27
Originally posted by grey_lady View Post

Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

Thanks.

My advice is to get it done properly...
Leave a comment:
grey_lady replied

3 August 2009, 14:59
The site is owned by my company but it and the servers it sits on are bought by my company in a 'managed service' agreement, I'm a test manager by the way.

I do realise that it would have to be with the agreement of the service company and at a quiet time.
Leave a comment:
pmeswani replied

3 August 2009, 14:53
Originally posted by grey_lady View Post

Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

Thanks.

Firstly, who owns the site? You, the service provider or a third party?

If you don't own the site or the network on which the box resides, you may get done under the Computer Misuse Act unless you get explicit consent from the owner of the site and network.
Leave a comment:
grey_lady replied

3 August 2009, 14:42
It's publicly accessible - thanks.
Leave a comment:
DaveB replied

3 August 2009, 14:38
Originally posted by grey_lady View Post

Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

Thanks.

Is it publicly accessible i.e. from the Internet, or is it purely internal?

If it has any kind of external accessibility it's worth scanning. There might not be anything in terms of sensitive data on it, but it can still get hijacked and used as a proxy by the bad guys or provide a back door into your network.
Leave a comment:
grey_lady started a topic Security scanning a cms based site

3 August 2009, 14:28
Security scanning a cms based site

Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

Thanks.
Tags: None