What Kinds of Security Problems Exist in Drupal?

As part of writing the book I did some analysis looking at all of the security announcements in the history of the Drupal project.

This pie chart shows which are the most common kinds of problems in the project:

[Pie chart: security weaknesses in Drupal]

As you can see, XSS is the most common issue, covering almost 50%. Access Bypass, CSRF, SQL Injection, and Code Execution are the next most common, together making up about a quarter of the weaknesses.

It's important to note that these are only vulnerabilities for which there has been a Security Announcement. Many more exist only on an individual site with improper configuration or a custom module or theme and can never be included in an analysis like this.

Comments

Impressive graph

I didn't know that XSS was so common! Thank you for this amazing graph.

I'm really surprised that SQL

I'm really surprised that SQL Injection vulnerabilities are so frequent.
