ARN

Cracking Drupal: A Drop in the Bucket

The first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors. Authored by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing. The main goal of this guide is to explain how to write code that avoids an attack in the Drupal environment, while also addressing how to proceed if vulnerability has been spotted and then regain control of security.

Biography

Greg James Knaddison is Principal of Growing Venture Solutions and a dedicated Drupalista. As a member of the Drupal security team, Knaddison has participated in every part of the process including identifying vulnerabilities, creating fixes, testing fixes, and writing security documentation and advisories. He has also contributed modules and publishes the news site DrupalDashboard.com.

Table of Contents

1. That Horrible Sinking Feeling.

2. Security Principles and Vulnerabilities Outside Drupal.

3. Protecting Your Site with Configuration.

4. Drupal's User and Permissions System.

5. Dangerous Input, Cleaning Output.

6. Safety in the Theme.

7. Drupal Access System.

8. Automated Security Testing.Weaknesses in the Wild

9. Finding, Exploiting and Avoiding Vulnerabilities.

10. Un-cracking Drupal.

Appendix A: Function Reference.

Appendix B: Installing Drupal 6 Fresh Out of the Box.

Appendix C: Leveraging Community Resources.

Glossary: Glosssary of Key Terms.

Index.

rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/avg/2009-09-18_71_become-an-avg-reseller
AVG (AU/NZ) Pty Ltd

Become an AVG Reseller and Make Serious Money!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.