• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Security scanning a cms based site

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    Security scanning a cms based site

    Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

    Thanks.

    #2
    Originally posted by grey_lady View Post
    Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

    Thanks.

    Is it publicly accessible i.e. from the Internet, or is it purely internal?

    If it has any kind of external accessibility it's worth scanning. There might not be anything in terms of sensitive data on it, but it can still get hijacked and used as a proxy by the bad guys or provide a back door into your network.
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

    Comment


      #3
      It's publicly accessible - thanks.

      Comment


        #4
        Originally posted by grey_lady View Post
        Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

        Thanks.
        Firstly, who owns the site? You, the service provider or a third party?

        If you don't own the site or the network on which the box resides, you may get done under the Computer Misuse Act unless you get explicit consent from the owner of the site and network.
        If your company is the best place to work in, for a mere £500 p/d, you can advertise here.

        Comment


          #5
          The site is owned by my company but it and the servers it sits on are bought by my company in a 'managed service' agreement, I'm a test manager by the way.

          I do realise that it would have to be with the agreement of the service company and at a quiet time.

          Comment


            #6
            Originally posted by grey_lady View Post
            Can anyone tell me, is it worth running a security scan e.g Accunetix on a website that is purely CMS based and does not collect any user information?

            Thanks.
            My advice is to get it done properly...
            B00med!

            Comment


              #7
              Originally posted by grey_lady View Post
              I do realise that it would have to be with the agreement of the service company and at a quiet time.
              Whatever you do, before you run anything get permission to do so from all parties concerned in writing.
              Behold the warranty -- the bold print giveth and the fine print taketh away.

              Comment

              Working...
              X