demo

Using XSS to steal access January 31

We've talked about Cross Site Scripting (XSS) before, and for good reason, it's a risk far too many sites are vulnerable to. XSS is scary because it runs in the context of the trusted relationship between your browser and a website; XSS can do everything you can do.

XSS cookie theft

Let's look at another example of an XSS exploit: stealing administrative access to a site.

An attacker will enter Javascript that steals the visitor's browser cookie
An administrator will unknowingly execute this Javascript

The Book, The Report

Cracking Drupal: A Drop in the Bucket

Written by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing.

Drupal Security White Paper

Curious about Drupal's security? Consider Drupal but want to make sure it's good enough? Read the Drupal Security Report

Security Review Module

If you are concerned about whether your site is secure, consider using the Security Review Module to get a free review of your site's security health. Did it find problems? Consider hiring a security expert from Drupal Scout to audit your site.

Recent Blog Posts

Improvements to Security in Drupal 7

Posted by greggles

0 comments
Why counting vulnerabilities is not a sufficient method of comparing product security

Posted by greggles

0 comments
Notes from Linux Security Tunables by Kees Cook

Posted by greggles

0 comments