Site scans and audits

cjordan's picture

Hello group members,
I am looking for a way to scan my Drupal sites for security issues. I found this site online: https://hackertarget.com/drupal-security-scan/. Thanks for your comments in advance.

Comments

Tools and options

fluxsauce's picture

The site you mentioned is not comprehensive at all and provides some confusing output.

Drupal Version - 7.38 - Warning there is a critical vulnerability in Drupal 7 core versions earlier than 7.32

Uh, yes, that's accurate, 7.38 is higher than 7.32.

It checks to see if directory indexing is enabled and a couple other minor checks. Honestly, I think it just drives traffic to their professional services with some very minimal analysis.

No one algorithm will capture everything, but a number of tools can be used together.

I'm partial to https://drupal.org/project/site_audit used in conjunction with https://drupal.org/project/security_review, https://drupal.org/project/hacked and https://drupal.org/project/unused_modules - but with the caveat that I'm the author of site_audit so my opinion might be skewed.

Also, http://sourceforge.net/projects/rips-scanner/files/ has found some vulnerabilities not detected elsewhere.

Auditing the hosting environment is another task altogether. Are all the components in the stack up-to-date, correctly configured, and appropriate for the task at hand?

Thanks

cjordan's picture

Hello,
I am very grateful for the information. I will certainly put it to good use. Thanks so much. I have hosting that I resell, VPS hosting with WHM. I have a small startup that caters specifically to Drupal. I have had my issues with various hosting companies, and in my experience most don't offer support for Drupal-specific issues. I usually have to troubleshoot my own issues and needs; Drupal needs resources to run smoothly. So I offer support, borrowing from my years of experience from the Drupal 6 days until now. I do not delve too deep into the code; I mostly try to make sure that the sites are patched with the latest updates and that my customers get the best possible support for their projects.

Hi cgordan, there's a group

christefano's picture

Hi cjordan, there's a group called Site Audits:

   https://groups.drupal.org/site-audits

Would you like to cross-post this to that group?
