Top 22 resources and links about Drupal security for coders, admins and management.
Developers
- Writing secure code - SQL security.
- Why does Drupal filter on output?
- User input - Cross Site Scripting - using check_plain()/check_markup().
- Handling user input again - using placeholders for t(), user input in Forms.
- check_plain() at API.drupal.org.
- check_markup() at API.drupal.org.
- Cross Site Request Forgery - handle forms securely.
- Safely impersonating another user.
- Using eval() in Drupal.
- db_rewrite_sql() - when to use and why.
Administration
- Potentially dangerous user permissions.
- How to report a security issue (do not disclose it publicly; contact the Security Team first).
- Acquia - commercially supported Drupal.
- Securing PHP with Suhosin.
Management & Watch list
- Drupal Security - list of Core Security Announcements.
- Drupal Security - list of contrib announcements.
- Public Service Announcements.
- RSS: Drupal core.
- RSS: Contributed projects.
- RSS: Security PSAs.
- Security risk levels.
- Security team & which versions of Drupal are supported.
Ad: Contact us if you need an audit of your custom code or help with securing your site or server.
Jakub is the owner and founder of Dynamite Heads. Jakub is a member of the Drupal Security Team and supports the Czech Drupal community at Drupal.cz.