Creating Secure Web Sites With Drupal
Security is mission critical
The number of ways to attack remote computers and web sites grows from year to year.
WhiteHat Security Inc., a company based in California, US, conducted a study in 2006. They investigated the security of the largest and most popular websites in the retail, financial, insurance, education and social network sectors, using the famous WASC threat classification.
Result: 7 out of 10 websites have serious vulnerabilities.
While this is not easy to digest, there are some things that can be done before you decide to turn off your web server forever:
- First, create as many obstacles as possible, and make the cost of an attack much higher than the value you are trying to protect. For most web sites, this is usually very simple to do.
- Second, start tracking what is installed on your web site. It is hard to secure what you do not know you own. We advise our customers to install one of Drupal's Update Status modules, to be informed of new ways to attack your site and of the measures that can be taken against them. If the Update Status module tells you that there is a security hole in one of your Drupal modules, and that a patch is available for it, you should seriously consider doing something about it.
- Finally, try to measure your security. There are several tools that can be used to investigate potential security holes and create Vulnerability Assessment Reports. After that, you can decide what extra security measures should be taken.
Most of us can get a serious headache just reading the list of possible ways to attack a website, because the language itself is very aggressive: Authentication Brute Force Attack, DDoS (Distributed Denial of Service), client-side attacks like Cross Site Scripting and Cross Site Request Forgery, Command Execution through SQL Injection, and so on. Fortunately, Drupal gives us the means to minimize risks and create a web site that can robustly respond to all known ways of attacking it.
Secret Weapon of Drupal No. 3: CCK & Views
CCK allows you to define custom fields in your content types. For instance, you may want to make a collection of famous quotations and track the author, the quotation and the source of each quotation. Views can then help you create different lists of quotations: you can sort them alphabetically, or display only quotations by Winston Churchill, etc.
Find out how we can help you.
Please contact us to find out more about web security and the techniques that should be implemented to make a Drupal site secure.