My second presentation at DrupalCamp Sofia 2011 about securing Drupal sites.
Slide preview (only the English fragments, tool names and links survived extraction; the slide numbers are kept):

7. http://drupal.org/writing-secure-code
8. http://drupal.org/security/secure-configuration
9. Cracking Drupal: http://crackingdrupal.com/
10. http://heine.familiedeelstra.com/
11. http://drupal.org/project/security_review
12. http://drupal.org/project/coder
16. drupal.org Security Advisory emails
17. (VCS, drush)
19. insecure tools
20. Total Commander, FileZilla?
21. SSH, sFTP, FTPS, HTTPS
22. security fix: PHP, Apache, MySQL, etc?
29. Database (SQL)
31. Shell
34. Demo: If you can do it, XSS can do it better!
36. Cross Site Request Forgery
37. img
38. JS
39. $_GET, $_POST
40. Form tokens, URL tokens
42. http://drupal.org/securityteam/risklevels
44. PHP include, PHP
45. PHP input format
46. http://xkcd.com/327/
47. SQL Injection
49. hashed passwords, etc.
50. Access Bypass
52. Authentication bypass
54. http://mmartinov.com