Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Cracking Drupal: A Drop in the Bucket

The first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors. Authored by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing. The main goal of this guide is to explain how to write code that avoids an attack in the Drupal environment, while also addressing how to proceed if vulnerability has been spotted and then regain control of security.

Biography

Greg James Knaddison is Principal of Growing Venture Solutions and a dedicated Drupalista. As a member of the Drupal security team, Knaddison has participated in every part of the process including identifying vulnerabilities, creating fixes, testing fixes, and writing security documentation and advisories. He has also contributed modules and publishes the news site DrupalDashboard.com.

Table of Contents

1. That Horrible Sinking Feeling.

2. Security Principles and Vulnerabilities Outside Drupal.

3. Protecting Your Site with Configuration.

4. Drupal's User and Permissions System.

5. Dangerous Input, Cleaning Output.

6. Safety in the Theme.

7. Drupal Access System.

8. Automated Security Testing.Weaknesses in the Wild

9. Finding, Exploiting and Avoiding Vulnerabilities.

10. Un-cracking Drupal.

Appendix A: Function Reference.

Appendix B: Installing Drupal 6 Fresh Out of the Box.

Appendix C: Leveraging Community Resources.

Glossary: Glosssary of Key Terms.

Index.

rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments