A review: Penetration testing approaches on Content Management System (CMS)

Abstract

These days, Content Management Systems (CMS) have been the target for adversaries in the cyber world since they are mostly open-source like Drupal, Joomla and WordPress, where no experts want to address the vulnerabilities due to them having no price tags. This paper aims to review the available and proposed penetration testing approaches and tools used on content management systems (CMS) and tabulate the results in a review matrix. There are 22 articles found regarding the proposed approaches and tools where some of which use machine learning (ML) algorithms. The matrix is categorized based on whether those approaches involve the use of machine learning algorithms or they involve other approaches like using basic penetration tools like Sqlmap and Metasploit to perform basic penetration tests like SQL Injection or Cross-site scripting (XSS). The penetration testing algorithms are further categorized on whether they are reinforcement learning (RL) algorithms or normal algorithms. Some of the approaches are later discussed in the third section of the paper, where they are categorized into penetration testing approaches that use reinforcement learning, the usage of basic penetration testing tools and the other proposed penetration testing tools.