[Owasp Source Flaws Top 10] how to evaluate risk from content management system--cms

Paolo Perego thesp0nge at owasp.org
Fri Jul 30 10:11:05 EDT 2010

Hi Yi, this project was intended to track the 10 most present
vulnerabilities in source code... the 10 worst programmer behaviors.

However, since this project is not intended to live anymore (due to
lack of usefulness), I kindly ask Paulo, who is reading in cc, to shut
it down.


On Fri, Jul 30, 2010 at 3:47 PM, Yi Li <yi.li26 at gmail.com> wrote:
>      I will appreciate it if anyone could share thoughts on how to evaluate the
> risk from a 'content management system' (CMS).
>      The component of the CMS that I would like to evaluate is the component
> that generates content for the web server, which is installed on the
> application server, which is usually done by installing a library of the CMS on
> E-comm's application server. Assume there is a coding flaw in the code in
> this component, such as SQL injection. My question is how to evaluate
> whether such vulnerabilities will open doors for hackers to attack the web
> applications deployed on the same application server, or whether such
> vulnerabilities will only endanger the CMS functionality.
>      Thanks.

"... static analysis is fun, again!"

OWASP Orizon project leader, http://github.com/owasp-orizon
Owasp Italy R&D director
