Cracking Drupal: A Drop in the Bucket
Greg James Knaddison is Principal of Growing Venture Solutions and a dedicated Drupalista. As a member of the Drupal security team, Knaddison has participated in every part of the process including identifying vulnerabilities, creating fixes, testing fixes, and writing security documentation and advisories. He has also contributed modules and publishes the news site DrupalDashboard.com.
Table of Contents
2. Security Principles and Vulnerabilities Outside Drupal.
3. Protecting Your Site with Configuration.
4. Drupal's User and Permissions System.
5. Dangerous Input, Cleaning Output.
6. Safety in the Theme.
7. Drupal Access System.
8. Automated Security Testing.
Weaknesses in the Wild
9. Finding, Exploiting and Avoiding Vulnerabilities.
10. Un-cracking Drupal.
Appendix A: Function Reference.
Appendix B: Installing Drupal 6 Fresh Out of the Box.
Appendix C: Leveraging Community Resources.
Glossary: Glossary of Key Terms.