Website security is one of the most important parts of running a website, and also one of the most overlooked. Much of this has to do with the rise of modern Content Management Systems (CMS), which have enabled just about anyone with a minimal skillset to set up and post content to a website. These sites are often unmanaged, meaning security patches and version updates are not installed regularly, if at all. To make things worse, many sites are hosted by companies that have little understanding of good security practices and that choose to forgo the regular updating of the systems that run the CMS.
Sometimes I really love the names security researchers come up with to label a security issue. Today's fun-sounding security vulnerability is called ZipSlip, and the name is surprisingly accurate. ZipSlip was disclosed by the security firm Snyk and appears to affect thousands of projects. In spite of the fun name, this is a serious vulnerability that could have been avoided.
It has recently come to light that the Drupal Content Management System has another large security vulnerability, dubbed "Drupalgeddon 2". This is yet another reminder of how important it is to choose a Content Management System (CMS) that both fits your company's needs and is stable and secure. Additionally, it's vital to actively maintain the system; applying updates frequently can help avoid disastrous situations.