t3secure.de presented at TYPO3 Developer Days 2022 in Karlsruhe, Germany
07.08.2022 - Nino Müns
TYPO3 Developer Days 2022
We presented our TYPO3 security tool t3secure.de at the TYPO3 Developer Days (T3DD22) in Karlsruhe on 08/07/2022. For this purpose, our senior developer and managing director, Malte, traveled to Karlsruhe to present the tool to the interested TYPO3 developer community.
TYPO3 upgrades are often not that easy. As a result, almost 30% of TYPO3 instances are based on outdated TYPO3 versions. Upgrades and updates would reduce the risk of security vulnerabilities. In his presentation, Malte explained how to detect the TYPO3 version using only publicly accessible files, and how the result could help the TYPO3 community encourage users to take action on their outdated TYPO3 installations. He also gave insights into the bachelor thesis written by our student, Jann, which shows how often existing TYPO3 websites are affected by security issues.
In our presentation we went into more detail about our version detection algorithm and also showed a live demonstration for the first time. The audience of the TYPO3 Developer Days got a first impression from the user's point of view before we went deeper into the matter. The official TYPO3 GitHub repository is used to create the version characteristics, which later enable the recognition of a TYPO3 version. Known vulnerabilities of the detected TYPO3 versions, which are available in the form of CVEs, are then queried via the NVD API. The subsequent scanning process was discussed step by step using the example site typo3.org.
We have tested 780 TYPO3 websites within our project: 69.4% of the TYPO3 websites we tested are affected by already known vulnerabilities.
*CVE (Common Vulnerabilities and Exposures) is a list of standardized names for vulnerabilities and other security risks. The CVE list serves to standardize the names of all known security holes and vulnerabilities.
Get in touch
t3secure.de is a project of MÜNSMEDIA GmbH. We would love to hear your thoughts on our tool.
Mr. Nino Müns