Table Of Contents

Anatomy of Vulnerabilities
Avoiding That Sinking Feeling
What Is Web Application Security?
Security Is a Balance
Common Ways Drupal Gets Cracked
Authentication, Authorization, and Sessions
Command Execution: SQL Injection and Friends
Cross-Site Scripting
Cross-Site Request Forgery
The Big Scary World
The Most Common Vulnerabilities
Server and Network Vulnerabilities
Weaknesses across the Stack
Denial of Service—Generic and Specific
Defense in Depth
Web Server File System Permissions
Least Privilege—Minimum Permissions for the Task
Least Privilege for Database Accounts
Social and Physical Vulnerabilities
The Vendor Password Please?
This Is IT; Can I Help?
Let’s Get Physical
Sanitizing a Typical Drupal Database
Summary
Stay Current with Code Updates
Staying Informed about Code Updates
Updating Your Site’s Code
Know Your Attack Surface
Best Practices for Contributed Modules
Performing a Quick Security Scan
Using Extra Security Modules
Login and Session-Related Modules
Password-Related Modules
Visitor Analysis
Smart Configuration of Core
User Permissions
Input Formats and Filters
Defining Permissions: hook_perm
Checking Permission: user_access and Friends
Menu Callback Permissions
Input Format Access: filter_access
Common Mistakes with Users and Permissions
Insufficient or Incorrect Menu Access
Overloading a Permission
Access Definitely Denied
Acting as Another User—and Getting Stuck
Database Sanitizing: db_query and Friends
Queries for Drupal 6.x and Earlier
Improper Use of db_query
Queries for Drupal 7.x and Newer
Translation and Sanitizing: t
Improper Use of t
Linking to Content: l and url
The Form API
Semantic Protection: Invalid Form Data
Form API: Sanitizing Options and Labels
Escaping Everything: check_plain
Filtering HTML-Formatted Code: check_markup
Basic Filtering for Admins: filter_xss_admin
Quick Introduction to Theming in Drupal
Overridable Templates and Functions
Providing Variables for Templates
Common Mistakes
Printing Raw Node Data
Best Practice: Filter Data Prior to Using Templates
Respecting the Access System
Modifying Queries for Access: db_rewrite_sql
Testing Access for a Single Node: node_access
Case Study: Private Module
Node Access Storage Explained
Test Drupal with Drupal: Coder Module
More Testing Drupal with Drupal Security Scanner
Testing Drupal with Grendel-Scan
Strategies to Crack Drupal
Searching Core and Contrib for Vulnerabilities
Using Grep to Search for Common Mistakes
Finding Sites Vulnerable to the Stock Weakness
Finding Vulnerabilities by Happenstance
Exploiting the Talk Module XSS Vulnerability
How to Report Vulnerabilities
Step 1: Secure the Menu
Step 2: Secure the User Search
Step 3: Secure the Node List
Drupal Un-cracked
Text-Filtering Functions
Link and URL Building Functions
Users and Permissions
Database Interaction
Step 1: Installing Drupal—Easier Than Ever Before
Downloading Drupal
Unzipping and Preparing Files for Upload
Uploading Files
Running the Drupal Installation Wizard
Alternate Method: Managing Drupal with CVS
Step 2: Designing and Building the Architecture
Application Scope and Domain
Creating Roles and Users
Installing and Enabling Modules
Making the Site Bilingual
Step 3: Creating the Business Objects
Step 4: Creating the Workflows
Implementing the Registration Workflow
Implementing the Client’s Workflow
Implementing the Translator’s Workflow
Installing the Vulnerable module
Resources from the Drupal Security Team
General Security Resources
PHP.net
OWASP
Google Code University
Heine Deelstra
Groups.Drupal.org
Robert Hansen—rsnake
Bruce Schneier
CrackingDrupal.com
GLOSSARY
Index
Cracking Drupal: A Drop in the Bucket

Published by Wiley
The first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal, and how to prevent them from continuing. Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors. Authored by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal, and how to prevent them from continuing. The main goal of this guide is to explain how to write code that avoids an attack in the Drupal environment, while also addressing how to proceed if a vulnerability has been spotted, and how to then regain control of security.
Publish date: Apr 22, 2009
Added to Scribd: Feb 05, 2010
Copyright: Traditional Copyright: All rights reserved
ISBN: 9780470506820