Cracking Drupal - data analysis

What Kinds of Security Problems Exist in Drupal?

<p>As part of writing <a href="">the book</a> I did some analysis looking at all of the <a href="">security announcements</a> in the history of the Drupal project.</p>
<p>This pie chart shows which are the most common kinds of problems in the project:</p>
<p><img alt="security weaknesses in Drupal" src="" /></p>
<p>As you can see, XSS is the most common issue, covering almost 50%. Access Bypass, CSRF, SQL Injection, and Code Execution are the next most common, making up about a quarter of the weaknesses.</p>
<p>It's important to note that these are only vulnerabilities for which there has been a Security Announcement. Many more exist only on an individual site with improper configuration or a custom module or theme and can never be included in an analysis like this.</p>

Fri, 21 Nov 2008 22:51:18 +0000, greggles