    Analysis of security CMS platforms by vulnerability scanners

    This thesis addresses the security of the most popular CMS platforms. It introduces fundamental information about the CMS platforms studied and the vulnerability scanners used in the research. For research purposes, WordPress and Joomla websites were created and examined for security with the vulnerability scanners OWASP ZAP, Vega, Detectify and Skipfish. Results were grouped by criteria: vulnerabilities by category and vulnerabilities by threat level. The results were examined in two ways: analysis of the partial results from each website scan, and analysis of the aggregated results from all scanners. Conclusions about the security of the CMS platforms were then drawn.

    Rejuvenation of the Official Website of the Department of Mechanical Engineering, Institut Teknologi Sepuluh Nopember Surabaya

    The Department of Mechanical Engineering, Institut Teknologi Sepuluh Nopember Surabaya, has an official website management system that has not been updated for a long time. Some of the pages still look dated and are poorly managed. The absence of a dedicated operator with access to the management of the official ITS Mechanical Engineering Department site means that the maintenance and updating that should be carried out periodically on this site do not take place. It is therefore necessary to re-manage the site, update its information and reorganize it, as well as to train new operators so that the official website of the ITS Mechanical Engineering Department can again fulfil its function as a provider of factual information. The rejuvenation of the ITS Mechanical Engineering Department site is carried out using two methods: changing the template, making the site easier to change and more attractive to look at, and providing training for prospective operators so that they can operate the site properly.

    Web content management systems: Use and initial comparative study of their security

    Web Content Management Systems (WCMS) have gained great popularity because of the ease they bring to creating web pages or portals, e-commerce sites, etc. This work briefly explains how WCMS are operated and what can be achieved with them. To that end, we work with three of the most popular open-source WCMS in use today, Joomla, Wordpress and Drupal, and look at the advantages and drawbacks of working with each of them. For this purpose, we create three websites with identical requirements and functionality, one with each WCMS, and qualitatively analyse the complexity of each. Finally, we carry out a basic security analysis of the websites created, reporting their possible vulnerabilities and explaining how to improve their security, which mistakes must not be made, and which WCMS is initially more secure/vulnerable. This research was supported by the AEI/FEDER, UE project grant TEC2016-76465-C2-1-R (AIM). Aledo-Hernández, A.; Guillén-Pérez, A.; Martinez-Caro, J.; Sanchez-Iborra, R.; Cano, M. (2018). Sistemas de gestión de contenido web: Uso y estudio comparativo inicial de su seguridad. En XIII Jornadas de Ingeniería telemática (JITEL 2017). Libro de actas. Editorial Universitat Politècnica de València. 86-92. https://doi.org/10.4995/JITEL2017.2017.6558

    Exploring Guidance for prevent against XSS attacks in open CMS

    Web Content Management System and accessibility awareness: A comparative study of novice users and accessibility outcomes

    Since its creation, the Web has progressively developed and become a vital source of information in every domain and for almost all people. It is crucial to guarantee that the information contained on the Web is available for everyone, especially for people with special needs. Removing accessibility barriers is fundamentally based on tools, skills and support of all contributors, particularly the content creators, to ensure information is navigable and usable in the context of the end user's experience. Web Content Management Systems play a significant role in structuring, storing and provisioning content to the Web and have evolved to address the difficulties of manually coding web pages versus the convenience of manipulating their content without any programming skills. Web Content Management Systems have gradually evolved to contain features and functions that allow content authors to shape their content in ways that address web content accessibility expectations, though only if the content author knows how to use these features to maximum effect. This thesis explores such usage by participants deemed to be novices, in that they have limited technical skills in the context of web coding and have limited exposure to Web Content Management Systems or the application/awareness of the Web Content Accessibility Guidelines (WCAG). This research places an emphasis on the outcome of these novice users when provided with some basic training and awareness raising of WCAG principles and the use of a modern Web Content Management System. This is explored in the literature as an area of some importance as organisations with significant web presence cannot simply tell their content authors to ‘oh, and make sure it is accessible’ and hope that the end product will somehow achieve that goal without an investment in some form of accessibility education. For web managers and developers in all public sector organisations:
“Make sure that all content commissioners and authors are fully trained in the importance of accessible content, and in the means that are made available for them to achieve this.” (p. 58) The purpose of this research was to explore to what level the use of an accessible Web Content Management System and novice users’ training impacted accessibility outcomes. This study emerged from the widespread role that Web Content Management Systems play in terms of storing and managing web content and the growing usage of these systems by experts or novices at an organisational or personal level. Through a selection process, this study identified a Web Content Management System that had a number of accessibility features, developed some training and ‘awareness raising’ materials and then asked novice users across two groups to apply what they had learned in order to develop an accessible website. The goal of the study was to ascertain if the two groups performed differently according to the training and awareness raising materials they received, and if even basic accessibility outcomes were achievable with just a few hours of training and from what was essentially an accessibility ‘cold start’. The study used a mixed methods approach encompassing three research methods (experimental method, survey method and observational method) to compare qualitative and quantitative data obtained from ‘accessibility awareness’ and ‘accessibility unaware’ participant groups. Thirty university students participated in this research and received accessibility awareness raising sessions, with additional accessibility-related examples for the accessibility awareness group. All participants undertook pre and post-tests that were designed to collect data allowing the researcher to compare the learning performance before and after the participants’ awareness session.
At the end of the awareness session, the participants of both groups completed a survey which was designed to provide further data on the participants’ perception of web use and experience, the concept of web accessibility, web content accessibility guidelines, the system used, and their opinion of the accessibility awareness session. Data collected from the survey, pre and post-tests and the recording provided a holistic set of data from which the primary and supporting research questions were addressed. The results of the research indicated that the accessibility awareness group demonstrated measurably better accessibility outcomes than the unawareness group; these results being attributed to the awareness training session, participants’ searching behaviour, time spent on tasks, and effort made to implement accessible features and complete the required tasks. The participants in both groups had some prior knowledge in the use of the Web but limited or no skills in HyperText Markup Language (HTML) or the use of a Web Content Management System. While performing tasks, the participants in the awareness group attempted to apply the accessibility concepts learnt during the training session and spent more time searching for those concepts on the Web in order to provide accessible web page content. Conversely, most of the participants in the unawareness group were concerned with the “look” of the web page, rather than focusing on actual accessible content; they only mimicked the exemplar website they had been provided as an ‘end product’, but did not explore the how and why of accessible content. All the participants at the end of this study were aware of the significance of web accessibility and were in favour of considering it in any future website development they may be involved in.
The outcome of the study shows that the use of an accessible Web Content Management System with example-based accessibility awareness sessions can lead to improved accessibility outcomes for novice web content authors. This research strongly suggests that even a small, focussed and example-based training/awareness raising session can drive an accessibility mindset in web content authors, even those with limited or no technical, accessibility or web authoring experience.


    To deal with the increasing information overload and with the structured and unstructured data complexity, many organizations have implemented enterprise content management (ECM) systems. Published research on ECM so far is very limited and reports on ECM implementations have been scarce until recently (Tyrväinen et al. 2006). However, the little available ECM literature shows that many organizations using ECM focus on operational benefits while strategic decision-making benefits are rarely considered. Moreover, the strategic capabilities such as decision making capabilities of ECM are not fully investigated in the current literature. In addition, the literature lacks a strategic management framework (SMF) that links strategies, business objectives, and performance management although there are several published studies that discuss ECM strategy. A strategic management framework would seem essential to effectively manage ECM strategy formulation, implementation, and performance evaluation (Kaplan and Norton 1996; Ittner and Larcker 1997). The absence of an appropriate strategic management framework keeps organizations from effective strategic planning, implementation, and evaluation, which affects the organizational capabilities overall. Therefore, the objective of this dissertation is to determine the decision support capabilities of ECM, and specify how ECM strategies can be formulated, implemented, and evaluated in order to fully utilize the ECM strategic capabilities. Structural equation modeling as well as design science approaches will be adopted to achieve the dissertation objectives

    XIII Jornadas de ingeniería telemática (JITEL 2017)

    The Jornadas de Ingeniería Telemática (JITEL), organised by the Asociación de Telemática (ATEL), are a forum for meeting, debate and dissemination for groups that teach and do research on topics related to telematic networks and services. The event aims to foster the exchange of experiences and results, as well as communication and cooperation among the research groups working on telematics-related topics. Alongside the traditional sessions that characterise scientific conferences, the aim is to promote more open activities that stimulate the exchange of ideas between experienced and novice researchers, and the creation of links and meeting points between the different research groups or teams. To that end, in addition to inviting relevant people in the corresponding fields, sessions will be included for presenting and discussing the active lines and projects of those teams. Lloret Mauri, J.; Casares Giner, V. (2018). XIII Jornadas de ingeniería telemática (JITEL 2017). Editorial Universitat Politècnica de València. http://hdl.handle.net/10251/97612