Cracking Drupal [electronic resource] : a drop in the bucket / Greg Knaddison.

Knaddison, Greg James.
Indianapolis, IN : Wiley Pub., Inc., 2009.
1 online resource (242 p.)
1st edition

Drupal (Computer file).
Web sites -- Security measures.
Electronic books.
System Details:
text file
The first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal, and how to prevent them from continuing. Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors. Authored by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal, and how to prevent them from continuing. The main goal of this guide is to explai
Cracking Drupal: A Drop in the Bucket; About the Author; Credits; Acknowledgments; Contents at a Glance; Contents; Introduction; Who Should Read This Book?; Who Am I? Why Did I Write This Book?; What This Book Covers; Parts of the Book; What Is Needed for This Book; Book Conventions; Part I: Anatomy of Vulnerabilities; Chapter 1: That Horrible Sinking Feeling; Avoiding That Sinking Feeling; Common Ways Drupal Gets Cracked; The Big Scary World; The Most Common Vulnerabilities; Summary; Chapter 2: Security Principles and Vulnerabilities outside Drupal; Server and Network Vulnerabilities;
Social and Physical Vulnerabilities; Summary; Part II: Protecting against Vulnerabilities; Chapter 3: Protecting Your Site with Configuration; Stay Current with Code Updates; Know Your Attack Surface; Using Extra Security Modules; Smart Configuration of Core; Summary; Chapter 4: Drupal's User and Permissions System; Using the API; What Are Hooks, Form Handlers, and Overrides?; Defining Permissions: hook_perm; Checking Permission: user_access and Friends; Common Mistakes with Users and Permissions; Summary; Chapter 5: Dangerous Input, Cleaning Output; Database Sanitizing: db_query and Friends;
Translation and Sanitizing: t; Improper Use of t; Linking to Content: l and url; The Form API; Filtering Content: check_plain, check_markup, filter_xss_admin; Summary; Chapter 6: Safety in the Theme; Quick Introduction to Theming in Drupal; Common Mistakes; Summary; Chapter 7: The Drupal Access System; Respecting the Access System; Summary; Chapter 8: Automated Security Testing; Test Drupal with Drupal: Coder Module; Testing Drupal with Grendel-Scan; Summary; Part III: Weaknesses in the Wild; Chapter 9: Finding, Exploiting, and Avoiding Vulnerabilities; Strategies to Crack Drupal;
Searching Core and Contrib for Vulnerabilities; How to Report Vulnerabilities; Summary; Chapter 10: Un-Cracking Drupal; Step 1: Secure the Menu; Step 2: Secure the User Search; Step 3: Secure the Node List; Step 4: Disable Users Safely; Drupal Un-cracked; Part IV: Appendixes; Appendix A: Function Reference; Text-Filtering Functions; Link and URL Building Functions; Users and Permissions; Database Interaction; Appendix B: Installing and Using Drupal 6 Fresh out of the Box; Step 1: Installing Drupal - Easier Than Ever Before; Step 2: Designing and Building the Architecture;
Step 3: Creating the Business Objects; Step 4: Creating the Workflows; Summary; Appendix C: Leveraging Community Resources; Resources from the Drupal Security Team; General Security Resources; Summary; Glossary; Index
Includes index.