Released on = October 26, 2006, 6:26 am

Press Release Author = Acunetix

Industry = Software

Press Release Summary = Acunetix WVS audits Joomla! site for SQL Injection, XSS and
other vulnerabilities

Press Release Body = London, UK - 26 October, 2006 - Joomla!, an award-winning,
open-source content management system, uses Acunetix Web Vulnerability Scanner to
automatically audit its PHP-based website. Acunetix WVS scans the site for SQL
injection, cross-site scripting and other vulnerabilities, thereby averting possible
hacker attacks.

The need for an automated security auditing tool
The Joomla! Core Team Quality & Testing Working Group's mission is to help improve
the quality, stability and security of the Joomla! Core Code, through continuous
rigorous testing and quality reporting. The extensive PHP-based Joomla! Core Code
was, until recently, tested manually. \"Performing a manual security audit each time
we released a new version would take up too many hours and resources. Manual
auditing is highly complex and it means that you have to keep track of considerable
volumes of code as well as the latest techniques being used by hackers. Finding an
automated solution was, therefore, essential,\" said Mr. Muilwijk, member of the
Quality and Testing Team.

Vulnerabilities discovered using Acunetix WVS
Using Acunetix Web Vulnerability Scanner, the developers at Joomla! were able to
find high-risk SQL Injection vulnerabilities in no time. "The issues detected were
of a major impact, if users/hackers would have found the security holes, they could
have hacked an entire Joomla! site," said Mr. Muilwijk. Besides SQL Injection
vulnerabilities, the software detected some low-level vulnerabilities related to the
web server setup.

Fixing the bugs
"With Acunetix WVS, our developers were able to spot the vulnerabilities immediately
and the issues were fixed quite easily," said Mr. Muilwijk "It was just a matter of
using correct PHP standards and other practices such as input filtering. We ran the
scans a few times on every new release, to ensure we did not miss any new issues
after changing the core code. With Acunetix WVS we were able to improve the quality,
stability and security of Joomla!"

The full case study can be viewed at:
http://www.acunetix.com/vulnerability-scanner/cs_joomla.htm

About Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner ensures website security by automatically
checking for SQL injection, Cross site scripting and other vulnerabilities.
Furthermore, Acunetix protects against the embedding of Javascript malware in a
web-page through its JavaScript Analyzer. Such protection secures all AJAX
applications. Acunetix WVS also checks password strength on authentication pages and
automatically audits shopping carts, forms, dynamic content and other web
applications. As the scan is being completed, the software produces detailed reports
that pinpoint where vulnerabilities exist.

Acunetix provides free audit to help companies determine the security of their websites
Enterprises who would like to have their website security checked can register for a
free audit by visiting www.acunetix.com/security-audit. Participating enterprises
will receive a summary audit report showing whether their website is secure or not.
Summary reports will be delivered within five business days of submission.

About Joomla!
Joomla! is a free, award-winning content management system written in PHP which
allows users to easily publish their content on the world wide web and intranets.
Joomla! is created as an open-source project where individuals and teams contribute
their skills to its development as well as its supporting systems.

What sets Joomla! apart is the team's dedication to keeping things as simple as
possible while providing the most features possible. Finally, non-technical people
can have complete control over their websites without paying exorbitant amounts for
closed, proprietary software.

The name Joomla! is a phonetic spelling for the Swahili word \"Jumla\", which means
\"all together\" or \"as a whole\". More information at: http://dev.joomla.org/

About Acunetix
Acunetix was founded to combat the alarming rise in web attacks. Its flagship
product, Acunetix Web Vulnerability Scanner, is the result of several years of
development by a team of highly experienced security developers. Acunetix is a
privately held company with headquarters based in Europe (Malta), a US office in
Seattle, Washington and an office in London, UK. For more information about
Acunetix, visit: http://www.acunetix.com; http://www.acunetix.de.

All product and company names herein may be trademarks of their respective owners.


Web Site = http://www.acunetix.com

Contact Details =
Please email Tamara Borg: tamara@acunetix.com
Acunetix Ltd: Tel: (+44) 0845 6126712, Fax: (+44) 0845 6126716
URL: http://www.acunetix.com.