Help protect the website from attackers or bad actors, by identifying, preventing, or mitigating security vulnerabilities.

XMLRPC API

There are better systems for doing XMLRPC calls, e.g. look at http://drupal.org/project/services

htmLawed

The htmLawed module uses the htmLawed PHP library to restrict and purify HTML for security and compliance with web standards and admin policy. htmLawed is open-source, single-file, fast, highly customizable, and well-documented.

Security scanner component for SimpleTest module

Automated XSS scan of your Drupal website through Simpletest.

This project is based on the SimpleTest library, which was developed to execute unit and browser testing of PHP code. SimpleTest is a framework for enabling automated code checking and has a browser component available which can simulate users entering form data or retrieving certain URLs. Within Drupal there is a team focused on the development of this recent module. Anyway, based on the results presented in GHOP (http://code.google.com/p/google-highly-open-participation-drupal/issues/...) concerning penetration testing, I would add a vulnerability analysis test for SQL injection and cross-site scripting.
This project is inspired by the scanner developed within Yahoo by Rasmus Lerdorf to detect the vulnerabilities in the web application, but that scanner is not open source.
Existing tools such as code-checker.php and the Coder module are based on searching the code with regular expressions, but no tool exists that simulates such attacks to detect vulnerabilities.

How to use it

Hashcash

Hashcash is a module which implements the Hashcash algorithm to help protect sites from spam.

Devel Node Access

Please note: DNA for D8+ is incomplete – don't rely on it to give comprehensive information!

Formerly part of the Devel module package, Devel Node Access (DNA) displays information related to the node access mechanism of your Drupal installation.

The {node_access} table and functionality are part of Drupal core, but they lie dormant until you install one or more node access modules that supply entries into the {node_access} table. Each node access module provides different strategies for controlling what each user can do with your nodes.

DNA has three audiences:

  • It helps Drupal admins understand what is happening on their site, visualize how node access modules interact, verify that their customizations give the intended results, and finally answer the famous question: Why does this user have access to that node?
  • It helps module and website support diagnose issues with node access on remote sites by instructing their clients to post screenshots and/or cut&paste listings of DNA output.
  • It helps node access module developers implement and test proper behavior of their modules.

DNA is a tool for module and site development; it is not intended to run continuously on production sites, and its output is of no interest to website visitors, but if you run any node access module, DNA will help you with your work.

OAuth 1.0

This module implements the OAuth 1.0 standard for use with Drupal and acts as a support module for other modules that wish to use OAuth.

For OAuth 2.0, install the OAuth 2.0 module instead of this one.
