<h2><a href="http://crackingdrupal.com/blog/greggles/free-resources-online-protecting-your-drupal-site">Free resources online for protecting your Drupal site</a></h2>
<p>There are lots of great resources online about how to secure your Drupal site. The CrackingDrupal.com site is meant to be one of those resources, but there are also others available elsewhere. Here are some of the best resources from around the internet with Drupal-specific security information.</p>
<h3>Drupal.org Handbooks</h3>
<p>The Drupal.org handbooks are probably the most natural place to look, and in fact they have three great areas of resources.</p>
<ul>
<li><a href="http://drupal.org/writing-secure-code">Writing secure code</a> provides advice about secure code. It can be a bit hard to understand the flow and examples, but this is still a great resource.</li>
<li><a href="http://drupal.org/security/secure-configuration">Secure configuration</a> looks at the non-code aspects of configuring your site.</li>
<li><a href="http://drupal.org/security-team">Security team</a> provides insight into the policies and procedures of the Drupal Security Team. The policies are what matter most to a typical user.</li>
</ul>
<h3>University of Pennsylvania School of Arts and Sciences Pages</h3>
<p>The University of Pennsylvania is using Drupal for a lot of different sites. They have been actively reviewing and finding problems in Drupal's contributed modules for over a year now.
They are also providing documentation (on their site) about how to secure Drupal.</p>
<p>Some examples:</p>
<ul>
<li><a href="http://www.sas.upenn.edu/computing/drupal-secure-settings">Drupal Security Configuration</a></li>
<li><a href="http://www.sas.upenn.edu/computing/drupal-approved-modules">Drupal approved modules</a>, which means that they have reviewed the modules for security problems.</li>
<li><a href="http://www.sas.upenn.edu/computing/drupal-security">Drupal security considerations</a> provides some Penn-specific and some general advice about Drupal sites.</li>
</ul>
<h3>Nadeau Software Consulting</h3>
<p>The Nadeau Software Consulting company provides an extensive online resource in 3 parts. Their advice comes from a strong system administrator perspective about how to secure Drupal within the context of Linux/Apache.</p>
<ul>
<li><a href="http://nadeausoftware.com/articles/2009/05/drupal_and_apache_web_site_security_checklist_part_1">Drupal and Apache Web Site Security Checklist, part 1</a></li>
<li><a href="http://nadeausoftware.com/articles/2009/06/drupal_and_apache_web_site_security_checklist_part_2">Drupal and Apache Web Site Security Checklist, part 2</a></li>
</ul>
<h3>From CrackingDrupal.com</h3>
<p>Aside from <a href="http://crackingdrupal.com/blog">this blog</a>, there are a few other resources on this site:</p>
<ul>
<li><a href="http://crackingdrupal.com/blog/ben-jeavons/contributed-modules-securing-your-site">List of security focused contributed modules</a></li>
<li><a href="http://crackingdrupal.com/blog/greggles/drupal-text-filtering-decision-cheat-sheet">Text filtering cheat sheet for developers and themers</a></li>
<li>A PDF version of <a href="http://crackingdrupal.com/sites/crackingdrupal.com/files/Cracking_Drupal_Chapter_1.pdf">Cracking Drupal Chapter 1</a> and <a href="http://crackingdrupal.com/sites/crackingdrupal.com/files/Cracking_Drupal_Table_of_Contents.pdf">the table of contents</a>.</li>
</ul>
<h3>Other blog sites</h3>
<p><a
href="http://acko.net/blog/safe-string-theory-for-the-web">Safe string theory for the web</a> by Steven Wittens is a great resource. One final mention is <a href="http://heine.familiedeelstra.com/">Heine Deelstra's Blog</a>, which covers a lot of things but also frequently covers security.</p>
<p><em>Edited to include more resources from this site and Steven Wittens' site.</em></p>
<p>Posted by greggles, Mon, 11 Jan 2010 21:09:40 +0000. Tags: free resources, Planet Drupal.</p>