Creating Secure Web Sites With DrupalDrupal

Security is mission critical

Most of the people do not think that security is something that they should be bothered with. Unfortunately, they are wrong. There are people around this world that use their time and energy to attack web sites and other computers.

Number of ways to attack remote computer and web sites grows from year to year.

WhiteHat Security Inc, company based in California, US, conducted a study in year 2006. They investigated security of largest and most popular websites in the retail, financial, insurance, education and social networks, using the famous WASC threat classification.

Result: 7 out of 10 websites have serious vulnerabilities.

While this gives you information that is not easy to digest, there are some things that can be done before you decide to turn off your web server forever:

  • First, create as much obstacles as possible, and make the cost of attack much higher then the value you are trying to protect. For most of the web sites, something like this is usually very simple to do.
  • Second, start tracking what is installed on your web site. It is hard to secure what you do not know you own. We advise our customers to install one of the Drupal’s Update Status modules, to be informed of new ways to attack your site – and about measurements that can be done against them. If the Update Status module tells you that there is a security hole in one of your Drupal modules, and that there is a patch for that, you should seriously consider doing something about it.
  • Finally, try to measure your security. There are several tools that can be used to investigate potential security holes and create Vulnerability Assessment Reports. After that, you can decide what extra security measures should be done.

Most of us can get a serious headache just reading the list of possible ways to attack a website, because the language itself is very aggressive: Authentication Brute Force Attack, DDOS – Denial of Service, Client-side attacks like Cross Site Scripting and Cross Site Request Forgery, Command Execution through SQL Injections ... . Fortunately, Drupal gives us a possibility to minimize risks and create a web site that can robustly respond to all known ways of attacking it.

Check out other benefits

Find out how we can help you.

Please contact us to find out more about the security in Web, and what techniques should be implemented to make Drupal site secure.

Return to top