Open-source CMSs like Drupal, WordPress or Joomla are extremely popular targets for all sorts of attacks. Most of them are available 24/7 and hosted on powerful machines, making them very valuable tools for further attacks once compromised. In this session I want to tell you about SIWECOS, a project funded by the German ministry of economics, that wants to improve the security of CMS-based websites. You'll learn about the history of the project, its work "behind the scenes" and the benefits that it has for you.
"Making the web a safer place" is a pretty bold mission statement - but without bragging, I really think that this mission statement has become reality for SIWECOS, a project funded by the German government that aims to improve the security of CMS-based websites.
The project, which has been ongoing for 2 years already, is obviously about IT security – but its most valuable lessons are about a different topic: the importance of cooperation, of leaving your own cosy CMS bubble, and of taking seriously the huge responsibility that we as popular web apps have.
I'll give you first-hand insights into the history of the project and want to tell you how it was possible to become a government-funded project in the first place. I'll show you the key elements of the SIWECOS services and give you a very quick introduction to the free scanning tools that we are offering to the communities – and last but not least, you'll learn about something that is happening behind the scenes: our cooperation with web hosts.