Recommended: Click here to improve PC speed »
The need for an automated security auditing toolThe Joomla! Core Team Quality & Testing Working GroupÂ's mission is to help improvethe quality, stability and security of the Joomla! Core Code, through continuousrigorous testing and quality reporting. The extensive PHP-based Joomla! Core Codewas, until recently, tested manually. "Performing a manual security audit each timewe released a new version would take up too many hours and resources. Manualauditing is highly complex and it means that you have to keep track of considerablevolumes of code as well as the latest techniques being used by hackers. Finding anautomated solution was, therefore, essential," said Mr. Muilwijk, member of theQuality and Testing Team.
Vulnerabilities discovered using Acunetix WVSUsing Acunetix Web Vulnerability Scanner, the developers at Joomla! were able tofind high-risk SQL Injection vulnerabilities in no time.  The issues detected wereof a major impact, if users/hackers would have found the security holes, they couldhave hacked an entire Joomla! site, said Mr. Muilwijk. Besides SQL Injectionvulnerabilities, the software detected some low-level vulnerabilities related to theweb server setup.
Fixing the bugs With Acunetix WVS, our developers were able to spot the vulnerabilities immediatelyand the issues were fixed quite easily, said Mr. Muilwijk  It was just a matter ofusing correct PHP standards and other practices such as input filtering. We ran thescans a few times on every new release, to ensure we did not miss any new issuesafter changing the core code. With Acunetix WVS we were able to improve the quality,stability and security of Joomla!Â
The full case study can be viewed at:http://www.acunetix.com/vu lnerability-scanner/cs_joomla. htm
About Acunetix Web Vulnerability ScannerAcunetix Web Vulnerability Scanner ensures website security by automaticallychecking for SQL injection, Cross site scripting and other vulnerabilities.Furthermore, Acunetix protects against the embedding of Javascript malware in aweb-page through its JavaScript Analyzer. Such protection secures all AJAXapplications. Acunetix WVS also checks password strength on authentication pages andautomatically audits shopping carts, forms, dynamic content and other webapplications. As the scan is being completed, the software produces detailed reportsthat pinpoint where vulnerabilities exist.
Acunetix provides free audit to help companies determine the security of their websitesEnterprises who would like to have their website security checked can register for afree audit by visiting www.acunetix.com/security-audi t. Participating enterpriseswill receive a summary audit report showing whether their website is secure or not.Summary reports will be delivered within five business days of submission.
About Joomla!Joomla! is a free, award-winning content management system written in PHP whichallows users to easily publish their content on the world wide web and intranets.Joomla! is created as an open-source project where individuals and teams contributetheir skills to its development as well as its supporting systems.
What sets Joomla! apart is the teamÂ's dedication to keeping things as simple aspossible while providing the most features possible. Finally, non-technical peoplecan have complete control over their websites without paying exorbitant amounts forclosed, proprietary software.
The name Joomla! is a phonetic spelling for the Swahili word "Jumla", which means"all together" or "as a whole". More information at: http://dev.joomla.org/
About Acunetix Acunetix was founded to combat the alarming rise in web attacks. Its flagshipproduct, Acunetix Web Vulnerability Scanner, is the result of several years ofdevelopment by a team of highly experienced security developers. Acunetix is aprivately held company with headquarters based in Europe (Malta), a US office inSeattle, Washington and an office in London, UK. For more information aboutAcunetix, visit: http://www.acunetix.com; http://www.acunetix.de.
All product and company names herein may be trademarks of their respective owners.
