Creating Secure Web Sites With Drupal

Security is mission critical

Most people do not think that security is something they should be bothered with. Unfortunately, they are wrong. There are people around the world who use their time and energy to attack web sites and other computers.

The number of ways to attack remote computers and web sites grows from year to year.

WhiteHat Security Inc, a company based in California, US, conducted a study in 2006. They investigated the security of the largest and most popular websites in the retail, financial, insurance, education and social network sectors, using the famous WASC threat classification.

Result: 7 out of 10 websites have serious vulnerabilities.

While this is not easy to digest, there are some things that can be done before you decide to turn off your web server forever:

  • First, create as many obstacles as possible, and make the cost of an attack much higher than the value you are trying to protect. For most web sites, this is usually very simple to do.
  • Second, start tracking what is installed on your web site. It is hard to secure what you do not know you own. We advise our customers to install one of Drupal's Update Status modules, to be informed of new ways to attack your site and of the measures that can be taken against them. If the Update Status module tells you that there is a security hole in one of your Drupal modules, and that there is a patch for it, you should seriously consider doing something about it.
  • Finally, try to measure your security. There are several tools that can be used to investigate potential security holes and create Vulnerability Assessment Reports. After that, you can decide what extra security measures should be taken.

Most of us can get a serious headache just reading the list of possible ways to attack a website, because the language itself is very aggressive: Authentication Brute Force Attack, DDOS – Denial of Service, Client-side attacks like Cross Site Scripting and Cross Site Request Forgery, Command Execution through SQL Injections, and so on. Fortunately, Drupal gives us the possibility to minimize risks and create a web site that can robustly respond to all known ways of attacking it.



Find out how we can help you.

Please contact us to find out more about web security and which techniques should be implemented to make a Drupal site secure.
