Cybersecurity of WordPress Platforms. An Analysis Using Attack-Defense Trees Method
The aim of this paper is to analyze the techniques for securing a Content Management System, highlighting the vulnerabilities of the WordPress platform. The study includes qualitative and quantitative analyses of the resilience of CMS platforms to cyber-attacks, simulated using the AD Trees methodology. The data provided by CVE is used to build possible attack scenarios that could compromise the cybersecurity of the web application. At the end of the paper, in order to minimize the impact of these attacks, solutions are proposed as sets of countermeasures within the Attack-Defense Trees.