Simple steps to improve security on your Drupal site
BY webmaster
9 years ago
Drupal

To ensure the security of confidential data in your Drupal site, the site has to be tested to confirm that it protects its data while still maintaining its functionality. Web applications are always prone to unauthorized access to, or modification of, sensitive information. The testing done on an application to find and remove such weaknesses is called security testing.
The following are some of the test cases for assuring the security of a Drupal website:

Authentication

  • Test whether a captcha is in place to keep unauthorized users from accessing the Drupal site.
  • Test whether the account is locked after a set number of failed login attempts.
  • Test whether the admin gets an alert or notification when an account is blocked due to failed login attempts.
  • Test whether a security question is asked while creating an account.
  • Test whether a security question is asked during password recovery.
  • Test whether the password is encrypted using Secure Socket Layer (SSL) while it is sent.
  • Test whether the system displays password characters in clear text while they are being entered.
  • Test whether pages can be accessed by copying and pasting the login URL again without re-entering the password.
  • Test whether the password field supports the copy operation.
  • Test whether the password field is reset to blank when navigating forward or back.
  • Test whether the password is passed directly through the query string/URL without encryption.
  • Test for access after the session times out, and review the session timeout settings.
  • Test whether the system asks users to change their password periodically.
  • Test whether data/pages can be downloaded through FTP or any other channel without valid authentication.
  • Test whether secured pages can be accessed through the browser's history.
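As an added example (not part of the original article), the following Python script applies four of the authentication checks above to the HTML of a login page, offline: whether the form submits by POST rather than through the query string, whether it submits over SSL/TLS, whether the password field is masked, and whether a captcha field is present. The sample forms are constructed for the demonstration, and the captcha check assumes the CAPTCHA widget renders an input whose name contains "captcha".

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _FormScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self._form = [], None

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"attrs": attrs, "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append(attrs)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def audit_login_form(html, page_url):
    """Return the checklist items that the login form in `html` fails."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    for form in scanner.forms:
        inputs = form["inputs"]
        pw_fields = [i for i in inputs if i.get("name", "").lower() in ("pass", "password")]
        if not pw_fields:
            continue  # not the login form
        # A GET form puts every field, password included, into the URL.
        if form["attrs"].get("method", "get").lower() != "post":
            findings.append("password passed through the query string (form method is GET)")
        # Resolve the submit target's scheme against the page URL for relative actions.
        scheme = urlsplit(form["attrs"].get("action", "")).scheme or urlsplit(page_url).scheme
        if scheme.lower() != "https":
            findings.append("password submitted without SSL/TLS")
        # Only type=password masks the characters as the user types.
        if any(i.get("type", "text").lower() != "password" for i in pw_fields):
            findings.append("password characters displayed while typing")
        # Assumption: the CAPTCHA widget renders an <input> whose name contains 'captcha'.
        if not any("captcha" in i.get("name", "").lower() for i in inputs):
            findings.append("no captcha on the login form")
    return findings

# Constructed samples modelled on a Drupal 7 user login form: one weak, one hardened.
WEAK_FORM = ('<form action="http://example.invalid/user/login" method="get" id="user-login">'
             '<input type="text" name="name"><input type="text" name="pass"></form>')
HARDENED_FORM = ('<form action="/user/login" method="post" id="user-login"><input type="text" name="name">'
                 '<input type="password" name="pass"><input type="text" name="captcha_response"></form>')
```

Run `audit_login_form(WEAK_FORM, "https://example.invalid/user/login")` to get all four findings; the hardened form returns an empty list when the page itself is served over HTTPS.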

 

Access Control

  • Test whether an ordinary user can access admin data.
  • Test whether a user is able to reach an unauthorized page by copying and pasting its URL.
  • Test whether clicking the back arrow redirects a user to the URL of the last user's login or their last visited pages.

 

Buffer Overflows

  • Test whether all data input fields have reasonable field lengths and specific data types.
  • Test the limit on the amount of text allowed in free-form fields.

 

Input Validation

  • Test whether the system accepts illegal characters.
  • Test the maximum length in the field.
  • Test the minimum length in the field.
  • Test the data type.
  • Test whether a null value is allowed in the field.
  • Test the format in the field.

 

Cross-site Scripting

  • Test whether the generated pages are properly encoded to prevent unintended execution of scripts.
  • Test whether the dynamically generated pages are free of undesired tags.

 

SQL Injection

  • Test whether a query inserted into user input fields is executed by the application.

 

Improper Error Handling

  • Test whether error messages contain only information that is safe to disclose.
  • Test the response time for the error messages.

 

Session Management

  • Test for session hijacking if your application carries the session identifier in the URL.

 

Insecure Storage

  • Test whether sensitive information is protected using strong encryption methods.

 

Conclusion

Security requirements change with the external environment. Constant review of, and attention to, the threat environment is necessary for maintaining a Drupal application's security. For more information, check Drupal Security Tips.

