C.2. General Security Resources

The following sections outline various Internet resources related to web application security and general system security.

C.2.1. PHP.net

Security Handbook

The PHP project's main website is at php.net and contains an enormous amount of information about the PHP language. Because Drupal is primarily written in PHP, the security information on php.net can be quite valuable. The php.net manual contains a section dedicated to security at http://www.php.net/manual/en/security.php. These resources cover server-configuration issues but give only a relatively brief review of the kinds of issues related directly to security within Drupal.

C.2.2. OWASP

http://www.owasp.org

The Open Web Application Security Project is a community of people around the world whose mission is to improve web application security. OWASP achieves its mission through several programs:

  • The OWASP website has a lot of information about security, including a Top Ten list of the most important vulnerabilities and documentation on relevant topics.

  • The members host and support many security projects—code, documentation, and research—that are organized within OWASP.

  • They hold meetings—local, regional, and international—to help people communicate about the state of the art in web application security and also work together on strategies to protect sites.

Two particularly valuable projects include:
