How to view template module positions in Joomla! 2.5?

In Joomla! 1.5.x we used to append ?tp=1 at the end of the URL (i.e. http://www.yourdomain.com/index.php?tp=1) to view the module positions of the current template. In Joomla! 2.5 it is the same, but you need to enable "Preview Module Positions". Following steps Read more

Solution to GoDaddy .htaccess Problem

Recently, GoDaddy hosting has been having various issues with .htaccess, and it is a nightmare for Joomla! administrators if you are running SEF URLs or using a product like sh404SEF. Please try the following possible solutions to address your problem. In Joomla! Turn OFF all the Read more

Simple Joomla! Replication Procedure

There are various ways to replicate Joomla! environments; we can use 3rd party tools like XCloner, etc. In this article, I am going to show a rather simple way to achieve the replication of Joomla! or any other CMS. Background: We Read more

Joomla! 1.7 to Joomla! 2.5

I know there are auto update tools out there in the Joomla! extension directory to update Joomla! from 1.7.X to 2.5.X, but I will recommend that everybody follow the instructions mentioned by the Joomla! community: http://docs.joomla.org/Upgrading_from_an_existing_version If you have used utilities like Joomla! Pack Read more

Akeeba Backup Review

I have been using Akeeba Backup for more than a year now. Here is my analysis of the product. Advantages: Akeeba Backup is a wonderful tool if you want to back up your Joomla! CMS on the fly. This is where I Read more

DOS Vulnerabilities

Joomla! vs WordPress Security Updates in 2011 (The number game)

This article gives detailed statistics on Joomla! and WordPress security updates in 2011. Both CMSs went through a redesign and remodeling process in 2011. Joomla! was in the process of developing 1.7/2.5, which was released in January 2012, and WordPress released 3.3.x, and development started from 3.0.x.

The following chart represents the total number of security issues reported and fixed in 2011.

Joomla! vs WordPress Security Updates in 2011

Security Updates
Joomla! (v.1.6/v.1.7): 34
WordPress: 13

Notice:
– The Joomla! number was calculated for versions 1.6.x and 1.7.x. The other assumption made in the calculation was that all security issues recorded were reported and fixed in 2011.
– The WordPress number was difficult to calculate because the security updates and level of detail presented by the WordPress community are very minimal. I had to drill down into the change logs to identify the total number of security vulnerabilities. There is a possibility that I have missed a few.

 

While developing Joomla! 1.7/2.5, the Joomla! community was maintaining version 1.5 as well.

Security Updates
Joomla! (1.5): 2

Joomla! security updates by type of security vulnerabilities (2011)

Path Disclosure: 2
SQL Injection: 2
XSS Vulnerabilities: 12
Information Disclosure: 9
Redirect Vulnerabilities: 1
Unauthorised Access: 3
CSRF Vulnerability: 2
DOS Vulnerabilities: 1
Clickjacking: 1
Password Change: 1

WordPress security updates by type of security vulnerabilities (2011)

Path Disclosure: 1
XSS Vulnerabilities: 3
Information Disclosure: 1
Redirect Vulnerabilities: 1
Unauthorised Access: 1
CSRF Vulnerability: 1
Clickjacking: 1
Media Security: 1
Uploader Security: 1
Others: 2

Conclusion: As the numbers show, both products went through a redesign and remodel phase in 2011. But 2012's data will give us a better understanding of the stability of these two products.

References:
Joomla! Security News URL: http://developer.joomla.org/security/news.html?limitstart=0
WordPress Security News URL: http://wordpress.org/news/category/security/

Security Vulnerabilities Information Links:
Path Disclosure:
https://www.owasp.org/index.php/Full_Path_Disclosure
Information Disclosure:
http://searchsecurity.techtarget.com/definition/vulnerability-disclosure
Redirect Vulnerabilities:
https://www.owasp.org/index.php/Open_redirect
http://developer.joomla.org/security/news/333-20110302-core-redirect-vulnerabilities
DOS Vulnerabilities:
http://en.wikipedia.org/wiki/Denial-of-service_attack
CSRF Vulnerability:
http://en.wikipedia.org/wiki/Cross-site_request_forgery
Clickjacking:
http://en.wikipedia.org/wiki/Clickjacking

Posted by Hassan Janjua in CMS, Joomla!
  • Hassan Janjua is a Sacramento, CA, USA based web designer specializing in Joomla! development. Hassan is involved in many aspects of the Joomla! and open source content management community. Hassan holds a project manager position with JoomClan.com, where he is managing 3rd party Joomla! extensions like JoomRSS, JoomListings, JoomClip, and JoomDocs. Hassan has more than 8 years of experience in Mambo and Joomla!.
