1 option
Cracking Drupal : a drop in the bucket / Greg Knaddison.
- Format:
- Book
- Author/Creator:
- Knaddison, Greg James.
- Language:
- English
- Subjects (All):
- Drupal (Computer file).
- Web sites--Security measures.
- Web sites.
- Physical Description:
- 1 online resource (242 p.)
- Edition:
- 1st edition
- Place of Publication:
- Indianapolis, IN : Wiley Pub., Inc., 2009.
- Language Note:
- English
- System Details:
- text file
- Summary:
- The first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal?and how to prevent them from continuing Drupal is an open source framework and content management system that allows users to create and organize content, customize presentation, automate tasks, and manage site visitors and contributors. Authored by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal?and how to prevent them from continuing. The main goal of this guide is to explai
- Contents:
- Cracking Drupal: A Drop in the Bucket; About the Author; Credits; Acknowledgments; Contents at a Glance; Contents; Introduction; Who Should Read This Book?; Who Am I? Why Did I Write This Book?; What This Book Covers; Parts of the Book; What Is Needed for This Book; Book Conventions; Part I: Anatomy of Vulnerabilities; Chapter 1: That Horrible Sinking Feeling; Avoiding That Sinking Feeling; Common Ways Drupal Gets Cracked; The Big Scary World; The Most Common Vulnerabilities; Summary; Chapter 2: Security Principles and Vulnerabilities outside Drupal; Server and Network Vulnerabilities
- Social and Physical VulnerabilitiesSummary; Part II: Protecting against Vulnerabilities; Chapter 3: Protecting Your Site with Configuration; Stay Current with Code Updates; Know Your Attack Surface; Using Extra Security Modules; Smart Configuration of Core; Summary; Chapter 4: Drupal's User and Permissions System; Using the API; What Are Hooks, Form Handlers, and Overrides?; Defining Permissions: hook_perm; Checking Permission: user_access and Friends; Common Mistakes with Users and Permissions; Summary; Chapter 5: Dangerous Input, Cleaning Output; Database Sanitizing: db_ query and Friends
- Translation and Sanitizing: tImproper Use of t; Linking to Content: l and url; The Form API; Filtering Content: check_ plain, check_markup, filter_xss_admin; Summary; Chapter 6: Safety in the Theme; Quick Introduction to Theming in Drupal; Common Mistakes; Summary; Chapter 7: The Drupal Access System; Respecting the Access System; Summary; Chapter 8: Automated Security Testing; Test Drupal with Drupal: Coder Module; Testing Drupal with Grendel-Scan; Summary; Part III: Weaknesses in the Wild; Chapter 9: Finding, Exploiting, and Avoiding Vulnerabilities; Strategies to Crack Drupal
- Searching Core and Contrib for VulnerabilitiesHow to Report Vulnerabilities; Summary; Chapter 10: Un-Cracking Drupal; Step 1: Secure the Menu; Step 2: Secure the User Search; Step 3: Secure the Node List; Step 4: Disable Users Safely; Drupal Un-cracked; Part IV: Appendixes; Appendix A: Function Reference; Text-Filtering Functions; Link and URL Building Functions; Users and Permissions; Database Interaction; Appendix B: Installing and Using Drupal 6 Fresh out of the Box; Step 1: Installing Drupal-Easier Than Ever Before; Step 2: Designing and Building the Architecture
- Step 3: Creating the Business ObjectsStep 4: Creating the Workflows; Summary; Appendix C: Leveraging Community Resources; Resources from the Drupal Security Team; General Security Resources; Summary; Glossary; Index
- Notes:
- Includes index.
- ISBN:
- 9786612122231
- 9781118080719
- 1118080718
- 9781282122239
- 1282122231
- 9780470506820
- 0470506822
- OCLC:
- 437123395
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.