drupal security

dylanclear's picture

Tag1 Quo: D6 LTS

Tag1 Quo is a hosted security solution that keeps your Drupal 6 site up-to-date with the latest security patches for core as well as all contributed themes and modules. Tag1 Quo provides you a single comprehensive viewpoint of your security that quickly allows you to understand vulnerabilities and take action to address them.

mgifford's picture

Drupal Security Guide

Wanted to announce our Drupal Security Guide here. We've just updated it with information about Drupal 8.

This document has had contributions from lots of folks, but is still certainly a work in progress. That being said, there are over 65 pages worth of information about almost all aspects of Drupal security.


InternetDevels's picture

How to ensure your Drupal website security

The Drupal core is well protected by default, but you can ensure your website security by following some additional security rules that can protect your site from attacks and other threats.

These rules are about using http, deleting/blocking a user, preventing the execution of unreliable php code, hiding information from users and more. If you are interested, you can find all the details in the blog post by our developer.


derrotebaron's picture

Files to monitor

Are there any static files in Drupal that could be monitored for unauthorized access? In light of the latest vulnerability/exploit, I was wondering if perhaps a HIDS, or some type of file integrity solution could be used to monitor specific files related to Drupal that would indicate a compromise.


Joe.U.Questionmark's picture

Interested in analysing past security vulnerabilities by type

I have read the Drupal security white paper v1.2 which contains some insightful analysis of historical security vulnerabilities by type over the last 6 years.

I would be interested in generating my own analysis of Drupal security vulnerabilities by type over the last 12 months.

Can someone point me at a good source of data in a format that is reasonably easy to analyse?

Thanks for your help!

mgifford's picture

Building a Collaborative Best Practice Security Document

We recently wrote a security best practices document for a government client. We wanted to distribute this more widely because security is a complex issue that so many organizations seem to get wrong. In government this is often because they are working in isolation and haven't been able to keep up with the rapid changes in IT security.

dokumori's picture

Randomness attacks against PHP applications

In this paper it is reported that many PHP applications make false assumptions about the true randomness of the core PHP random functions, and it might lead to attacks, for example using the password reset features. Drupal may also be affected by this, e.g. 6 session cookie generation.

If anyone researches this and finds Drupal to be actually vulnerable, please report to the security team.

inchains's picture

Security using custom_url_rewrite_outbound

I would like someone to clarify and, if possible, help me with the following.
Following the example given in the Drupal documentation, I managed to manipulate the code using the functions custom_url_rewrite_outbound() and custom_url_rewrite_inbound():

function custom_url_rewrite_outbound(&$path, &$options, $original_path) {
  // Rewrite outgoing admin/* links to config/*.
  if (preg_match('|^admin(/{0,1}.*)|', $path, $matches)) {
    $path = 'config'. $matches[1];
  }
}

function custom_url_rewrite_inbound(&$result, $path, $path_language) {
  // Map incoming config/* requests back to admin/*.
  if (preg_match('|^config(/{0,1}.*)|', $path, $matches)) {
    $result = 'admin'. $matches[1];
  }
}

greggles's picture

Project Application Security Review Mentoring

I feel like there are people who feel comfortable doing the regular review, but not the security review portion of a typical review. So, I'd like to share with some folks how I tend to do that in one-on-one sessions. I hope that by doing these one-on-one it will provide more confidence to those folks than a blog post or screencasts or whatever might do.

phunster's picture

Harden Your Drupal Websites - From: Imminent Web Services
