OHM2013: Web application (Drupal) security audits
For more information visit: http://bit.ly/OHM13_web
To download the video visit: http://bit.ly/OHM13_down
Playlist OHM 2013: http://bit.ly/OHM13_pl
Speaker: hcderaad
Web applications like Drupal offer a nice range of intrusion points for people with malicious intent. This talk offers some insight into the various layers the application platform consists of and how to harden them.
When developing and deploying web applications, the final result is a collection of software all carefully combined to offer a coherent platform.
This platform, however, consists of several loosely coupled items which can, on various levels, offer possibilities for manipulating the deployment.
This session analyses these items and gives some insight into the attack vectors they might offer.
The focus is not on actually hacking the components but on hardening them by putting preventive measures (like mod_security) in place.
This presentation is derived from a standard audit procedure which the author follows on a regular basis.