Blog - RSS Feed

Latest articles

Automated Security Reviews for Drupal - 2011 edition

These are the slides for a presentation on Automated Security Reviews I'm doing at Drupalcamp Colorado. You may also be interested in Steps to a Drupal Security Review.

Improvements to Security in Drupal 7

Drupal 7 has several security improvements. People often ask if the book Cracking Drupal covers Drupal 6 or Drupal 7. The answer is that it mostly covers both because security issues did not change much between the versions. So the book is still just as relevant for Drupal 7 with the exception of the topics below. The only other major topic the book...

Why counting vulnerabilities is not a sufficient method of comparing product security

A lot of people find themselves in the position of trying to figure out which software package is the most secure, or at least the more secure one among a field of choices. They often try to do this by comparing the number of vulnerabilities in each package, going to vulnerability databases like MITRE-CVE or NIST-NVD. However, consider this example timeline...

Notes from Linux Security Tunables by Kees Cook

I recently attended Drupalcon Portland where I attended Kees Cook's session on Linux System Security Tunables. He had some great general security advice before the session began. You can watch the video on the Drupalcon site and read the slides there. Here are my notes from the session. Authentication hygiene (e.g. ssh keys) know where your credentials...

Cracking Drupal Kindle Edition now available for $14.84 (Still relevant for Drupal 7)

The day has finally come - Cracking Drupal is available for the Kindle. Cracking Drupal on the Kindle I asked my publisher about this almost instantly after the book came out. I had recently received a Kindle as a gift and was excited about e-books. Unfortunately the technology was young and getting a book on such a specific topic into the Kindle format...

Using XSS to steal access

We've talked about Cross Site Scripting (XSS) before, and for good reason, it's a risk far too many sites are vulnerable to. XSS is scary because it runs in the context of the trusted relationship between your browser and a website; XSS can do everything you can do. XSS cookie theft Let's look at another example of an XSS exploit: stealing administrative...

Drupalcon Training: Securing your Drupal site with code and configuration

First things first, please take this survey about Security in Drupal. Much like at last year's Drupalcon in San Francisco, Ben Jeavons and I will be giving a training about Drupal and Security. When we gave this course at Drupalcon San Francisco, 88% of survey respondents said they would take the class again! We took all the feedback from last time...
