Security vulnerabilities are present in content management systems (CMS) as well as in any other software. 97% of all cyber attacks on small and medium-size businesses exploit these vulnerabilities. Therefore it is vital that security updates be applied in time.

But the time frame between acknowledging a security vulnerability and the following automated attacks become shorter and shorter. The type of exploit normally becomes apparent with the publication of the corresponding security patch. The time span for patching is critical. Therefore the idea is obvious that web hosts might absorb those attacks with the web application firewall if only they receive the information early enough.

In cooperation with eco Association of the Internet Industry, Ruhr University Bochum, and IT startup Hackmanit, CMS-Garden e.V. has developed a service that supports web hosts with security issues until security updates can fix problems for good. With encryptions as well as an authentication system we prevent that information about unpublished security issues falls into the wrong hands.

The name of the project, SIWECOS, stands for Secure Websites and Content Management Systems. The project’s aim is to help small and medium-sized companies to defend themselves against cyber attacks. The SIWECOS project is part of the initiative “IT-Sicherheit in der Wirtschaft” (IT security in economics) and thus supported by the German Ministry for Economics and Energy. The initiative aims to support small and medium-sized companies in order to safely use internet and telecommunication systems.

Another part of the project is the website check that will test your website on various problems concerning security. Read more about this on the SIWECOS website.

Links

• Project website siwecos.de (currently only available in German)
• Siwecos Web Host Service on Github
• Blog post about security and updates