Most of our jobs dealing with securing a Joomla website by removing all potential security threats have to deal with Acunetix. Usually, our customers come to us with either an Acunetix report or ask us to run an Acunetix scan on their Joomla website.
Typically, here are the couple of critical vulnerabilities that we find:
– XSS (Cross-site scripting) vulnerabilities: We solve these by removing all JavaScript code from the user’s input.
– SQL Injection vulnerabilities: Escaping is, in most cases, the solution. Usually SQL injection vulnerabilities exist in non-core Joomla extensions.
It takes us anywhere between 2 to 3 days to finish the job (cleaning all the extensions and fixing the code). For our small business customers, we follow up with them every quarter to ensure that they’re website is still bullet proof.
For those of you who want to know, the common reasons why our customers run these security scans on their websites are:
– They (our customers) want to become PCI compliant, so it’s a pre-PCI compliance test.
– They run a mission critical website that should not be hacked.
– They run a government website where there are standards that must be met when it comes to security.
[…] and 3) Permission issues. We usually accomplish this using Acunetix (note: we have written about Acunetix and Joomla […]
[…] our post about Acunetix and Joomla, we briefly mentioned the topic of Cross Site Scripting (XSS)1 in Joomla. In this post, we will […]
[…] the Joomla Security Experts. We use advanced techniques and a world class security software (see Acunetix and Joomla) to ensure that your website is safe and secure and that it remains safe and […]
[…] Run a vulnerability scan: You should regularly run a vulnerability scan on your website. There are many website security scanners out there (just make sure you choose one that is tested and is known to provide reliable results). For our clients, we use Acunetix (read this post we have written a while ago about Acunetix and Joomla). […]