DrupalCon Paris Wrapup: Securing Your Drupal Installation from CSRF and XSS

by FireHost Evangelist on September 29th, 2009

If you weren’t able to attend DrupalCon Paris at the beginning of the month, well… frankly, you’re not alone. Many of our Western counterparts didn’t make the trek to gay Paris. We didn’t go either, but we’ve decided to direct our effort away from being bitter about missing the show to bringing you some of the great updates from Drupal.

One of our favorite excerpts is by Heine Deelstra. Mr. Deelstra is a member of the Drupal Security Team, and he has been a Drupal user for over 4 years. His presentation at DrupalCon focuses on securing Drupal code.

In an exceptionally thorough explanation of some of the biggest threats to Drupal users, Mr. Deelstra reveals the most prevalent and annoying hacker exploits. His presentation explores the causes of attacks like Access Bypass, SQL Injection, CSRF (Cross-Site Request Forgery), and XSS (Cross-Site Scripting). In summary:

  • Access Bypass and SQL Injection are completely preventable and should not occur if coders make full use of Drupal’s API.
  • CSRF and XSS are the most difficult exploits to defend against, but (in the spirit of his great CMS) Mr. Deelstra reveals tips on how to avoid these problems.

We can only fault Mr. Deelstra for omitting one key ingredient from his presentation. He didn’t mention how partnering with a secure web hosting provider (like FireHost) can significantly reduce your exposure to these attacks.

So, do something productive with your next hour. Read about our Advanced, Secure Hosting and watch Mr. Deelstra’s great preso!

This entry was posted on Tuesday, September 29th, 2009 at 9:00 am and is filed under Security.

