For this discussion, we will refer to the top open-source products such as Liferay, Drupal and WordPress, and to one proprietary portal, SharePoint, which has good documentation.
- Home – Liferay
- WordPress.com: Build a Site, Sell Your Stuff, Start a Blog & More
- Drupal – Open Source CMS | Drupal.org
- Microsoft SharePoint Online – Collaboration Software | Microsoft 365
- Always remember that you can learn cutting-edge tech internals from enterprise open source such as Liferay, Canonical, Red Hat, GitHub, CNCF, WordPress, Drupal, the Apache Foundation, the Mozilla Foundation, etc. Check the top 20 open-source companies and contributors overall and on GitHub / Google / Gemini / ChatGPT / Bing regularly.
Before studying cyber forensics for the portal and commerce area, we must understand its architecture and security.
Web application architecture:
- Three-tier architecture:
  - CDN, WAF, web server: typically in the externally exposed subnet (demilitarized zone)
  - Application server, database, file store, search, caching: in the internal subnet (militarized zone)
  - Integrations such as IAM/LDAP/SSO, APIs, LLMs/AI, MQ, Kafka, etc. are possible from various layers
  - Server / cloud / VM infrastructure / VPN
- Use-cases:
  - Insurance policy administration
  - Supplier portals
  - Intranets
  - Search-based use cases
  - Workflows / BPM
  - eCommerce
  - Public websites and more
- Sample features:
  - Documentation – Liferay Learn
- Deployment:
  - Cloud
  - On-prem / self-hosted
  - Clustered environment at most layers
Solutions could be monolithic or microservices-driven, etc.
Security:
- Programming level
  - Secure programming around APIs, integrations and more
- App server security
  - Separate subnets
  - JVM security
- Web server & overall security
  - HTTPS
  - CSP
  - CSRF / CORS
  - XSS
  - Server hardening
  - Access / IAM / 2FA / MFA
  - OWASP-listed issues such as SQL injection and more
  - Cookies & sessions
  - DoS, DDoS, malware, spyware, etc.
  - And more – Security – Liferay Learn
- Products:
  - Liferay
  - Drupal
  - WordPress
  - SharePoint, Mozilla Foundation and many more
  - Custom portals and commerce built with PHP, Java, .NET and more
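Several of the web server items above (HTTPS, CSP, CORS, XSS, cookies and sessions) can be checked from a single HTTP response head. The script below is an added example, not code from the original post or from any of the products named; the response texts are constructed, and the baseline it checks for (HSTS present, no `'unsafe-inline'` in script or default CSP sources, `nosniff`, no wildcard CORS origin combined with credentials, `Secure`/`HttpOnly`/`SameSite` on every cookie) is an assumed sensible minimum rather than any vendor's documented configuration.

```python
"""Audit security-relevant headers in a portal front end's HTTP response.

Added example with constructed input; the checked baseline is an assumption,
not a product's documented hardening guide.
"""
from typing import Dict, List, Tuple

# Constructed: a weak response as a misconfigured front end might send it.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "Content-Security-Policy: default-src 'self' 'unsafe-inline'\r\n"
    "\r\n"
)

# Constructed: the same response after hardening.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)


def parse_response(raw: str) -> Tuple[int, List[Tuple[str, str]]]:
    """Split a raw HTTP/1.1 response head into (status, [(name, value), ...]).

    Names are lower-cased; repeated headers (several Set-Cookie) are all kept.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_headers(headers: List[Tuple[str, str]]) -> List[str]:
    """Return a list of findings; an empty list means the baseline is met."""
    by_name: Dict[str, List[str]] = {}
    for name, value in headers:
        by_name.setdefault(name, []).append(value)
    findings: List[str] = []

    # HTTPS: without HSTS a first request can still be downgraded.
    if "strict-transport-security" not in by_name:
        findings.append("missing Strict-Transport-Security (HSTS)")

    # CSP: absent, or present but allowing inline scripts (XSS mitigation lost).
    csp = by_name.get("content-security-policy")
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        for directive in csp[0].split(";"):
            parts = directive.split()
            if parts and parts[0] in ("default-src", "script-src") and "'unsafe-inline'" in parts:
                findings.append("CSP allows 'unsafe-inline' scripts")
                break

    # MIME sniffing turns uploaded files into a script-execution vector.
    if by_name.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # CORS: wildcard origin plus credentials is a misconfiguration worth flagging.
    acao = by_name.get("access-control-allow-origin", [""])[0]
    acac = by_name.get("access-control-allow-credentials", [""])[0]
    if acao == "*" and acac.lower() == "true":
        findings.append("CORS: wildcard origin combined with credentials")

    # Cookies & sessions: every cookie should carry the three protective flags.
    for cookie in by_name.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        attrs = {a.strip().split("=")[0].lower() for a in cookie.split(";")[1:]}
        missing = [f for f in ("secure", "httponly", "samesite") if f not in attrs]
        if missing:
            findings.append(f"cookie {cookie_name}: missing {', '.join(missing)}")
    return findings


def audit_raw(raw: str) -> List[str]:
    """Convenience wrapper: parse a raw response head and audit its headers."""
    return audit_headers(parse_response(raw)[1])


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_raw(raw) or "OK")
```

Run the file to see the weak response produce five findings and the hardened one none; in practice the raw head would come from a captured response to the portal's login page rather than the constructed strings.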
Forensics:
- Logs of the app server
- Logs of the web servers – why? Client IPs often do not pass beyond the CDN / WAF / web server layer
- Logs of the CDN and WAF
- Logs of cloud, infra, VMs, etc., plus details from the Network Management System and Application Performance Monitoring
- Database for the state – very critical; don't forget this if you get access to logs and overall access to the portal
- File store
- Search
- Code for integrations and customizations
- Configurations – XMLs, etc.
- Access logs and full control of all servers
- DNS pings
- Integration logs
- Concerns: PII, privacy, state of workflows, system, data, content, etc.; multi-session login by a single user; 2FA/MFA
- Building the chain of events
- Audit trails, if enabled
- Admin and other rights
- Data governance, data security, data analytics, web analytics such as Google Analytics
- Logins, logouts, public APIs, insecure APIs, insecure servers, authentication, authorization
- Understanding the resolution path: User -> ISP -> Internet over HTTPS -> DNS resolution -> Portal CDN -> WAF -> WS (the boundary with the external world; HTTPS is typically terminated here) -> AS -> Integrations & Search -> DB, and back the response goes
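The two points above that matter most in practice are that the client IP is only visible where the CDN/WAF forwards it, and that the chain of events has to be stitched together across layers. The script below is an added example, not code from the original post or any product it names. It assumes a web server log format that appends the forwarded client address (the `X-Forwarded-For` header as set by the CDN/WAF) and a request id propagated through to the application server, so that web and app entries can be joined; both log samples are constructed, the app server is assumed to log in UTC, and the field names (`user=`, `event=`, `session=`) are illustrative. It also goes one step further than the text and flags a single user holding sessions from different client addresses, which is the multi-session concern listed above.

```python
"""Build a cross-layer timeline from web server and app server logs.

Added example with constructed logs. Assumed: the web server's LogFormat ends
with "<X-Forwarded-For>" "<X-Request-ID>", the app server logs the same request
id in square brackets, and app server timestamps are UTC.
"""
import re
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Constructed web server access log. First field is the WAF's address; the
# last two quoted fields are X-Forwarded-For and the request id (assumed format).
WEB_LOG = """\
10.0.1.5 - - [12/May/2024:10:15:01 +0000] "POST /c/portal/login HTTP/1.1" 302 0 "203.0.113.45" "req-1001"
10.0.1.5 - - [12/May/2024:10:15:04 +0000] "GET /group/intranet/home HTTP/1.1" 200 5120 "203.0.113.45" "req-1002"
10.0.1.6 - - [12/May/2024:10:16:30 +0000] "POST /c/portal/login HTTP/1.1" 302 0 "198.51.100.7" "req-1003"
10.0.1.6 - - [12/May/2024:10:17:02 +0000] "GET /documents/download/9912 HTTP/1.1" 200 88231 "198.51.100.7" "req-1004"
"""

# Constructed app server log carrying the same request ids (assumed format).
APP_LOG = """\
2024-05-12 10:15:01,210 INFO  [req-1001] user=neil event=LOGIN result=SUCCESS session=S-aaa
2024-05-12 10:15:04,050 INFO  [req-1002] user=neil event=PAGE_VIEW page=/group/intranet/home session=S-aaa
2024-05-12 10:16:30,400 INFO  [req-1003] user=neil event=LOGIN result=SUCCESS session=S-bbb
2024-05-12 10:17:02,900 INFO  [req-1004] user=neil event=DOC_DOWNLOAD doc=9912 session=S-bbb
"""

WEB_RE = re.compile(
    r'^(?P<proxy>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<xff>[^"]*)" "(?P<rid>[^"]*)"$'
)
APP_RE = re.compile(r'^(?P<ts>\S+ \S+) (?P<level>\w+)\s+\[(?P<rid>[^\]]+)\] (?P<kv>.*)$')


def client_ip(xff: str, proxy: str) -> str:
    """True client address: first X-Forwarded-For entry when the CDN/WAF
    supplied one, otherwise the only address the web server saw (the proxy)."""
    first = xff.split(",")[0].strip()
    return first if first and first != "-" else proxy


def parse_web_log(text: str) -> Dict[str, dict]:
    """Index web server entries by request id."""
    records: Dict[str, dict] = {}
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue  # in real work, count and report unparsable lines
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records[m["rid"]] = {
            "time": ts,
            "client_ip": client_ip(m["xff"], m["proxy"]),
            "path": m["path"],
            "status": int(m["status"]),
        }
    return records


def parse_app_log(text: str) -> Dict[str, dict]:
    """Index app server entries by request id, splitting key=value fields."""
    records: Dict[str, dict] = {}
    for line in text.splitlines():
        m = APP_RE.match(line)
        if not m:
            continue
        # Assumed: app server writes UTC without a zone marker.
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f").replace(tzinfo=timezone.utc)
        fields = dict(item.split("=", 1) for item in m["kv"].split())
        records[m["rid"]] = {"app_time": ts, **fields}
    return records


def build_timeline(web_text: str, app_text: str) -> List[dict]:
    """Join both layers on request id and order by the web server timestamp."""
    web = parse_web_log(web_text)
    app = parse_app_log(app_text)
    events = []
    for rid, w in web.items():
        a = app.get(rid, {})
        events.append({"rid": rid, **w, "user": a.get("user", "?"),
                       "event": a.get("event", "?"), "session": a.get("session", "?")})
    return sorted(events, key=lambda e: e["time"])


def find_concurrent_sessions(timeline: List[dict]) -> Dict[str, Set[Tuple[str, str]]]:
    """Users with successful logins that created sessions from more than one client IP."""
    seen: Dict[str, Set[Tuple[str, str]]] = {}
    for e in timeline:
        if e["event"] == "LOGIN":
            seen.setdefault(e["user"], set()).add((e["session"], e["client_ip"]))
    return {u: s for u, s in seen.items() if len({ip for _, ip in s}) > 1}


if __name__ == "__main__":
    timeline = build_timeline(WEB_LOG, APP_LOG)
    for e in timeline:
        print(e["time"].isoformat(), e["client_ip"], e["user"], e["event"], e["path"], e["status"])
    print("multi-session users:", find_concurrent_sessions(timeline))
```

The join on request id is what makes the first log's client address usable against the second log's user and action; without it, the analyst is left matching on timestamps, which is fragile once clustering and clock drift enter the picture.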
References:
- DNS searches – WHOIS search
- Address & owner searches on WHOIS search
- Internet Archive – Wayback Machine
- ISP logs / mobile tower logs
- ICANN – ICANN Lookup
- Welcome to The Apache Software Foundation
- Homepage – Mozilla Foundation
- List of free and open-source software packages – Wikipedia
- Email me: Neil@HarwaniSystems.in
- Website: www.HarwaniSystems.in
- Blog: www.TechAndTrain.com/blog
- LinkedIn: Neil Harwani | LinkedIn