Subscribe to Acqal
Get Acqal TYPO3 Support Now
Client Comments
"Thank you for making this tight launch- your team has been great, and accessible through this whole process. We are grateful to you all for your assistance over this last month, and look forward to continuing into 2010."
TYPO3 Security Auditing by TYPO3 Professionals
Be concerned about the latest TYPO3 Security Bulletin regarding Information Disclosure & XSS, cross site scripting, in the TYPO3 Core. If you haven't patched your TYPO3 CMS yet, it's vitally important that you don't delay. Contact Acqal right now to get the jumpUrl security hole closed immediately. Without this quick patch, it's not a question about if, but when you'll be doing a full system recovery.
Basic enterprise content management system security audits involve nearly a 100 points investigation. Do you have the experience to know which are most important and have the balance of cost, effort, and time for your site?
Acqal can readily help you determine if your site is secure and create a program to resolve issues and keep it secure. Contact Acqal now for more security audit information.
Acqal TYPO3 Security Audit Checklist Highlights
Topic | Priority |
Secure the Install Tool | High |
Change “admin” Password | High |
Rename “admin” User | High |
Do not use “Quickstart“, “Testsite” et al. for Live Systems | High |
File System Access Rights | High |
Remove unneeded code | High |
Configure TYPO3 Security Options | High |
Avoid config.baseURL=1 | High |
Restrict Special Content Elements usage | High |
Choose Personal User Names for Backend Access | High |
Logging / Auditing | High |
Consider Using SSL for Backend Access | Medium |
FE User Security | Medium |
Error Handling | Medium |
Use Trusted / Reviewed Extensions | Medium |
Subscribe to TYPO3-Announce, Apply Fixes | High |