Back to Case Studies
Industry: Internet
Company: Joomla!
Location: New York, United States
Company Size: > 10,000 Employees

Joomla! Ensures Website Security with Acunetix

The issues detected were of major impact, if users/hackers would have found the security holes, they could have hacked an entire Joomla! site.

- Robin Muilwijk, member of the Quality and Testing Team, Joomla!

The need for an automated security auditing tool

The Joomla! Core Team Quality & Testing Working Group’s mission is to help improve the quality, stability and security of the Joomla! Core Code, through continuous rigorous testing and quality reporting. The extensive PHP-based Joomla! Core Code was, until recently, tested manually. “Performing a manual security audit each time we released a new version would take up too many hours and resources. Manual auditing is highly complex and it means that you have to keep track of considerable volumes of code as well as the latest techniques being used by hackers. Finding an automated solution was, therefore, essential,” said Mr. Muilwijk, member of the Quality and Testing Team.

“While evaluating several tools that could help automate some of our test processes, two really stood out, Automated QA TestComplete and Acunetix Web Vulnerability Scanner. Both companies were willing to support the Joomla! project and provided us with licenses,” said Mr.Muiwijk

Testing environment

The tests were performed on a local PC (Dell, Pentium 4 3.2 Ghz, 1Gb RAM) running a localhost webserver based on WAMP (Apache 2.x, MySQL 5.x and PHP 5.x). “Acunetix WVS was very easy to use and intuitive and ran full webscans on the localhost website,” stated Mr.Muilwijk.

Vulnerabilities discovered

Using Acunetix Web Vulnerability Scanner, the developers at Joomla! found high-risk SQL Injection vulnerabilities within a very short period of time. “The issues detected were of a major impact, if users/hackers would have found the security holes, they could have hacked an entire Joomla! site,” said Mr. Muilwijk. Besides SQL Injection vulnerabilities, the software detected some low-level vulnerabilities related to the web server setup.

Fixing the bugs

“With Acunetix WVS, our developers were able to spot the vulnerabilities immediately and the issues were fixed quite easily,” said Mr. Muilwijk “It was just a matter of using correct PHP standards and other practices such as input filtering. We ran the scans a few times on every new release, to ensure we did not miss any new issues after changing the core code.”

“With Acunetix WVS we were able to perform our tasks better, thus improving the quality, stability and security of Joomla! We would like to thank Acunetix for supporting the Joomla! project and giving us the opportunity to use its tool,” said Mr. Muilwijk.

About Acunetix Web Vulnerability Scanner

Acunetix Web Vulnerability Scanner ensures website security by automatically checking for SQL injectionCross site scripting and other vulnerabilities. Furthermore, Acunetix protects against the embedding of Javascript malware in a web-page through its JavaScript Analyzer. Such protection secures all AJAX applications. Acunetix WVS also checks password strength on authentication pages and automatically audits shopping carts, forms, dynamic content and other web applications. As the scan is being completed, the software produces detailed reports that pinpoint where vulnerabilities exist.

About Joomla!

Joomla! is a free, award-winning content management system written in PHP which allows users to easily publish their content on the world wide web and intranets. Joomla! is created as an open-source project where individuals and teams contribute their skills to its development as well as its supporting systems.

What sets Joomla! apart is the team’s dedication to keeping things as simple as possible while providing the most features possible. Finally, non-technical people can have complete control over their websites without paying exorbitant amounts for closed, proprietary software.

The name Joomla! is a phonetic spelling for the Swahili word “Jumla”, which means “all together” or “as a whole”. More information at: http://joomla.org/

Acunetix was founded to combat the alarming rise in web attacks. Its flagship product, Acunetix Web Vulnerability Scanner, is the result of several years of development by a team of highly experienced security developers. Acunetix is a privately held company with headquarters based in Europe (Malta) and an office in London, UK.

Turn your security process into a success story

Get a demo

"A strong and comprehensive web vulnerability scanner that can be used to discover flaws in our customers’ web applications as well as first class support from Acunetix."

Jesper Helbrandt

"Having used Acunetix since 2009, we find it an essential tool in protecting our interior critical systems and helping our customers protect their own systems."

Chen Chiu Lin Researcher

"The company needed a ‘digital fortress’ to protect the private/personal information and monitor any security vulnerabilities ongoing. Acunetix is instrumental in massively reducing online risk – making sure there are no black holes which could be exploited"

Anthony Sinclair Managing Director