8/24/2023

Drupal security kit

Security Kit is a module that helps to eliminate the likelihood of security vulnerabilities being exploited on your website. Thanks to a multitude of features, such as Anti-XSS, Anti-CSRF and Anti-ClickJacking, you can gain peace of mind and comprehensively define a security policy for your website.

At our Drupal agency, we value the security of our customers' websites and make every effort to ensure that the solutions we provide are as bug-free as possible, which is why our development team uses tools to achieve this goal optimally. We use modules provided by Drupal's outstanding community, which facilitate this process. For example, when auditing an acquired project, we use the Hacked module, and while implementing the solutions required by your projects, we always take advantage of Security Review. Today I would like to introduce you to another module that will help you secure your website – Security Kit (SecKit).

The first version of the module was released on 26 March 2011. The latest update was released on 28 August 2020. The module is now considered to be feature-complete by its developers – new features are currently not being developed, and the updates focus solely on patches.

The module is used by about 56,000 websites, including 25,000 based on Drupal 7 and 26,000 on Drupal 8. You can find detailed popularity statistics here.

It is currently maintained by Acquia and Catalyst IT. The vast majority of commits were provided by p0deje (141), jweowu (26) and mcdruid (24). As of now, the module has four maintainers: mcdruid, jweowu, badjava, and p0deje.

Security Kit combined with Drupal offers additional options and features that improve security, reducing the risk of exploiting vulnerabilities on your website, by adding Anti-XSS, Anti-CSRF, Anti-ClickJacking, HSTS and CORS implementations. The module enables you to define a multitude of security policies – you can find a description of each configuration option in the "Settings" section. Let's take a closer look at what it can do for you!

Anti-XSS

Features that help lower the possibility of exploiting cross-site scripting (XSS) vulnerabilities on your website. XSS is a type of website vulnerability that allows the attacker to execute any JavaScript code directly on the end device. XSS may result in leaking data, such as login and password, credit card details, user account information and much more. There are a number of types of XSS attacks; if you want to learn more, you can start exploring them here.

Anti-CSRF

Cross-Site Request Forgery (CSRF) is an attack type that allows the attacker to trick end users into performing specific actions on a website. A CSRF attack may, for example, result in the end user losing their funds, changing the email address linked to the website, changing their password, or any other action which the user can perform.

Anti-Clickjacking

Clickjacking is an exploit which enables an attacker to trick end users by displaying a concealed xframe, which the user can unwittingly click to run a given action on another website. Attacks of this kind can be used, for example, to farm likes on the attacker's Facebook page. The latter type of attack now even has its own name – Likejacking.

HSTS

HTTP Strict Transport Security (HSTS) is a security policy that minimises the risk of man-in-the-middle attacks, which entail modifying a request before it even reaches the server.

CORS

Cross-origin resource sharing (CORS) is a mechanism that allows you to specify a list of trusted domains from which the user can download resources on your website.

The module does not require any external libraries to work correctly. Security Kit can be installed in a standard manner, but – as always – we do recommend using composer:

composer require drupal/seckit

Settings

Cross-site scripting

This section contains settings that boost your website's security performance in terms of XSS-type attacks.
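The XSS, clickjacking, HSTS and CORS protections described in this article reach the browser as HTTP response headers, so a site's configuration can be checked from the outside. The sketch below is an added example, not code from the article or from the SecKit project; the header names mapped to each feature and the sample response are assumptions, since the article does not list which headers the module sends.

```python
# Added example: audit response headers for the protections the article lists.
# SAMPLE is a constructed response head, not captured from a real site.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n"
    "Strict-Transport-Security: max-age=0\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:
            break                           # blank line ends the head
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def csp_directives(csp):
    """Split a CSP value into {directive: [source, ...]}."""
    out = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out

def audit(raw):
    """Return a sorted list of findings, one per weak or missing protection."""
    h = parse_headers(raw)
    csp = csp_directives(h.get("content-security-policy", ""))
    findings = []
    if not csp:
        findings.append("xss: no Content-Security-Policy")
    elif "'unsafe-inline'" in csp.get("script-src", csp.get("default-src", [])):
        findings.append("xss: CSP allows inline scripts")
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append("clickjacking: no framing restriction")
    hsts = dict(p.strip().lower().partition("=")[::2]
                for p in h.get("strict-transport-security", "").split(";") if p.strip())
    max_age = hsts.get("max-age", "0").strip('"')
    if not max_age.isdigit() or int(max_age) == 0:
        findings.append("hsts: missing or max-age=0")
    if h.get("access-control-allow-origin") == "*":
        findings.append("cors: wildcard origin")
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports one finding for each of the four header-based protections; CSRF protection is not visible in response headers and is outside what this check covers.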