Cracking Drupal - drupal statistics http://crackingdrupal.com/taxonomy/term/47/0 en

What Kinds of Security Problems Exist in Drupal? http://crackingdrupal.com/blog/greggles/what-kinds-security-problems-exist-drupal

<p>As part of writing <a href="http://www.amazon.com/Cracking-Drupal-Bucket-Greg-Knaddison/dp/0470429038/">the book</a> I did some analysis looking at all of the <a href="http://drupal.org/security">security announcements</a> in the history of the Drupal project.</p>

<p>This pie chart shows which are the most common kinds of problems in the project:</p>

<p><img alt="security weaknesses in Drupal" src="http://crackingdrupal.com/sites/crackingdrupal.com/files/429075_01_01.png" /></p>

<p>As you can see, XSS is the most common issue, accounting for almost 50%. Access Bypass, CSRF, SQL Injection, and Code Execution are the next most common, making up about a quarter of the weaknesses.</p>

<p>It's important to note that these are only vulnerabilities for which there has been a Security Announcement. Many more exist only on an individual site with improper configuration or a custom module or theme, and can never be included in an analysis like this.</p>

data analysis, drupal statistics, Planet Drupal

Fri, 21 Nov 2008 22:51:18 +0000 greggles