Blog

Secure Web 2.0 (& Drupal) Part 8
Create by: pottol 05/26/2015 - 14:17 | 0 Comments
Keeping Drupal Secure

Keeping Drupal Secure

Read more
Secure Web 2.0 (& Drupal) Part 7
Create by: pottol 05/26/2015 - 14:15 | 0 Comments
Drupal Approved Modules

A9 Using Component with Known Vulnerabilities

Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.

Read more
Secure Web 2.0 (& Drupal) Part 6
Create by: pottol 05/26/2015 - 14:11 | 0 Comments
Drupal CSRF

 A7 Missing Functional Level Access Control

Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization.

Drupal approach:

·         Menu system uses access callback and access arguments

·         Continually review permissions

Read more
Secure Web 2.0 (& Drupal) Part 5
Create by: pottol 05/26/2015 - 13:52 | 0 Comments
Encrypt

A5 Security Misconfiguration

Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.

Check the Server Configuration:

·         Check the Server hardening

·         Avoid using FTP

Read more

Pages