Zerodayscan and Drupal: finding bugs for fame

If you use Drupal or are considering using Zerodayscan, please read Heine Deelstra's post about Zerodayscan.

As a Drupal user you should feel confident that Drupal's belief in "secure by default" doesn't override the goal of creating easy to use sites by default. It is often a balance between the two and in this case Drupal is choosing to be more usable rather than more secure.

If you are thinking of using Zerodayscan, consider the "research" they are doing and the way they promote the "vulnerabilities" that they find. There are better security products out there...

Comments

Avoid www.zerodayscan.com like the plague

Submitted by Anonymous (not verified) on Tue, 01/25/2011 - 21:01.

www.zerodayscan.com is a phishing site that attempts to compromise websites via javascript injection.

The Book, The Report

Cracking Drupal: A Drop in the Bucket

Written by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing.

Drupal Security White Paper

Curious about Drupal's security? Consider Drupal but want to make sure it's good enough? Read the Drupal Security Report

Security Review Module

If you are concerned about whether your site is secure, consider using the Security Review Module to get a free review of your site's security health. Did it find problems? Consider hiring a security expert from Drupal Scout to audit your site.

Recent Blog Posts

Improvements to Security in Drupal 7

Posted by greggles

0 comments
Why counting vulnerabilities is not a sufficient method of comparing product security

Posted by greggles

0 comments
Notes from Linux Security Tunables by Kees Cook

Posted by greggles

0 comments