Monitor Third-Party Plugin Update After Installation

Blog 22 Dec 2020
Fixing vulnerabilities that already exposed by CMS or third-party library cannot be just a minute. It will take hours or even days to fix or patch the vulnerabilities. In order to shorten the process, we must acknowledge every defacement as soon as possible by the help of monitoring tool.
banner image

To monitor third-party plugin update is one activity shall be done in protecting webpage from defacement. Once defacement happens, it may require several hours or even days to recover it.

Background

When building a website, most of the time we will use CMS (Content Management System) as the platform to manage our website. The time will be shortened, the process arguably will be easier. Otherwise, if we want to build a website from scratch, we better monitor third-party plugin update, as well.

Making all modules by ourselves are rare to do nowadays; because it will take so much time and effort.

The decision which CMS or third-party library to use usually is based on our need or CMS reputation. In short, we can trust both technologies and use their product. It will help us, especially who clueless on how to write a code and have no motivation in writing a code.

Along the time, the practicality in implementation and usage of CMS or third-party library comes together with its potential vulnerabilities. Every potential must be always measured, patched and monitored.

The exposure shall be mitigated through a system that able to monitors any update, change, or even defacement of CMS or third-party library.

The worst case of all kinds of technologies: how if we do not have or even does not aware of those vulnerabilities? Then our website will be jeopardy. Our website will be an easy hacking target, page by page, by a website Defacer.

Does it enough, if we have a system to monitor third-party plugin update?

Ok, from now on, we shall be alerted by a web monitoring tool, when CMS or third-party library release any update. Even any small update, my unleash tiny fraction of vulnerabilities.

The particular tool will notify us regarding software vulnerabilities, pushing us to update or patch the software vulnerabilities.

The next question, how long we will update or patch our system? The answer is varied. It depends on their patching package.

Sometimes, we need to do upgrade all of the dependency of the software as well. After we upgrade it, do you think your web or application can work smoothly like before? We need to conduct another test to know the answer. The time to test varies as well. A regression test must be conducted to make sure all is working well.

To fill up some time for patching and testing our website or application, you need to have Sentrypage that behave as Defacement Monitoring of your website. It will trigger you an alert upon a Defacer hack your website. No one can save us if our website is in Jeopardy state.