Web Content Security Monitoring System Model for Web Content Management Systems: the Case of Addis Ababa Communication Affairs Bureau
No Thumbnail Available
Date
2019-05-10
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Web content management systems are important and useful options for users to publish their content in the internet. With their popularity WCMS are targets for serious security attacks. The vulnerabilities they have are the easy way in for attackers. Outdated and vulnerable WCMS plugins and themes created by different developers are also exposed to attacks. Using weak passwords by the website operators also expose their account to be vulnerable for different types of security attacks.
To lower the security risks on websites, there are different security measures one can take prior to deploying the website to the internet. But other than that, regularly monitoring the security of the website is essential. The security attacks aiming WCMS are mostly to affect the integrity of the web content in the websites. Different techniques are suggested to perform content monitoring. Each approach uses different procedures to monitor the security status of the web contents. The existing approaches have limitations, for example, web content integrity is compromised by changing the content and sometimes it is required to check content changes based on specific characteristics to identify attention worthy changes and existing approaches lack a way to include this features in the process of monitoring.
This research work is intended to incorporate the content security breach features and behaviors the organizations or owners’ of a website state for their web content in the form of rules, and use it as a knowledgebase and design a system model for it. The system model proposed in this research for web content security monitoring composed of seven main parts. Including this rules in the process of change detection and classification enhance the overall monitoring process.
For evaluating the designed system model, we implement a prototype to show how the model performs and we use as a sample CMS websites from random sector organizations under the Addis Ababa Communication Affaires Bureau. The result we get shows that, based on our prototype, most of the content alterations are detected and collected based on the rules we set on the knowledgebase.
Description
Keywords
Content Management System, Website, Change Identification, Change Classification, Monitoring, Web Content Security Monitoring System Model