Automated Security Reviews for Drupal - 2011 edition

These are the slides for a presentation on Automated Security Reviews I'm doing at Drupalcamp Colorado. You may also be interested in Steps to a Drupal Security Review.

Thu Jul 30, 2015 18:20
Improvements to Security in Drupal 7

Drupal 7 has several security improvements. People often ask if the book Cracking Drupal covers Drupal 6 or Drupal 7. The answer is that it mostly covers both because security issues did not change much between the versions. So the book is still just as relevant for Drupal 7 with the exception of the topics below. The only other major topic the book...

Fri Jul 3, 2015 00:49
Why counting vulnerabilities is not a sufficient method of comparing product security

A lot of people find themselves in the position of trying to figure out which software package is the most secure, or at least more secure between a field of choices. They often try to do this by comparing the number of vulnerabilities in the two packages, going to vulnerability databases like MITRE-CVE or NIST-NVD. However, consider this example timeline...

Thu Jun 27, 2013 11:57
Notes from Linux Security Tunables by Kees Cook

I recently attended Drupalcon Portland where I attended Kees Cook's session on Linux System Security Tunables. He had some great general security advice before the session began. You can watch the video on the Drupalcon site and read the slides there. Here are my notes from the session. Authentication hygiene (e.g. ssh keys) know where your credentials...

Thu Jun 27, 2013 11:57
Cracking Drupal Kindle Edition now available for $14.84 (Still relevant for Drupal 7)

The day has finally come - Cracking Drupal is available for the Kindle. I asked my publisher about this almost instantly after the book came out. I had recently received a Kindle as a gift and was excited about e-books. Unfortunately the technology was young and getting a book on such a specific topic into the Kindle format...

Thu Jun 27, 2013 11:57
Using XSS to steal access

We've talked about Cross Site Scripting (XSS) before, and for good reason: it's a risk far too many sites are vulnerable to. XSS is scary because it runs in the context of the trusted relationship between your browser and a website; XSS can do everything you can do.

XSS cookie theft

Let's look at another example of an XSS exploit: stealing administrative...

Thu Jun 27, 2013 11:57
