3.1. Stay Current with Code Updates
It's a sad but true fact that most major worms and exploits over the years have targeted known and fixed vulnerabilities. Table 3-1 provides evidence of this unfortunate trend. These issues were large enough to cause significant economic damage to companies and countries, and yet the patches to prevent these worms were released months or even years before the worm was released.
| WORM/EXPLOIT | PATCH RELEASE DATE | WORM DATE |
|---|---|---|
| Santy* | November 2004 | December 2004 |
| Code Red | June 18, 2001 | July 13, 2001 |
| SQL Slammer | July 24, 2002 | January 25, 2003 |
| Sadmind | December 1999 / October 2000 | May 8, 2001 |
NOTE
*Santy was the worm that attacked a site of mine and that first alerted me to the need for attention to security in web applications.
Therefore, one of the most important things you can do to protect your site is stay up to date with new releases of the code you use. Keeping your site up to date is a two-step process:
Learning about the updates
Applying the updates
Learning about updated code may seem simple, but the Drupal project often suffers from too much information on a subject, which makes it hard to find the information you need. There are also probably a few dozen ways that you can update your code, which can be confusing. The next sections present some best practices to keep on top of the rapidly changing Drupal project.
3.1.1. Staying Informed about Code Updates
There are three primary ways to stay informed about code updates, and I have listed ...
Get Cracking Drupal®: A Drop in the Bucket now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
