Growing Venture Solutions - GVS - Security http://growingventuresolutions.com/taxonomy/term/94/0 en Outer.net - Security Review for Drupal http://growingventuresolutions.com/portfolio/outer-net-security-review-drupal <div class="field field-type-filefield field-field-client-image"> <div class="field-items"> <div class="field-item odd"> <img class="imagefield imagefield-field_client_image" width="190" height="110" alt="" src="http://growingventuresolutions.com/gvsfiles/outernet_thumb.png?1270655693" /> </div> </div> </div> <div class="field field-type-filefield field-field-client-image-main"> <div class="field-items"> <div class="field-item odd"> <img class="imagefield imagefield-field_client_image_main" width="314" height="210" alt="" src="http://growingventuresolutions.com/gvsfiles/outernet_big_0.png?1270655888" /> </div> </div> </div> <p>OuterNet, a large data center operator in the southern United States, provides custom server and application management for a variety of clients across the world.</p> <p>When a client brought them a Drupal-based application for sharing sensitive files, they wanted to make sure that the site was secure and learn what application management practices needed to be put in place to keep the site secure.</p> <p>They turned to Growing Venture Solutions to receive a <a href="http://growingventuresolutions.com/services/security-review-service-drupal-sites">Security Review</a> led by Ben Jeavons with support from Greg Knaddison and Steve Harley.</p> <h3>Security Review Process and Findings</h3> <p>Ben started with a fundamental review of the features of the site to understand its needs, then checked to see if any modifications were made to the core and contributed code on the site. Automated tools and manual review were run on the site to discover issues. In the end, the site was found to be generally sound but with 5 critical vulnerabilities and 4 less critical vulnerabilities. 
The review concluded with our standard report and a meeting to discuss the findings, giving Outer.net an opportunity to learn about securing this site and Drupal sites in general.</p> <h3>Stats for identified issues</h3> <ul> <li>vulnerabilities in core - zero</li> <li>vulnerabilities in contributed modules - zero</li> <li>vulnerabilities in configuration - one critical, three less critical</li> <li>vulnerabilities in process - one critical</li> <li>vulnerabilities in custom code - multiple vulnerabilities in a disabled custom theme</li> </ul> <p>This review follows the trends we see in other sites: it's more likely to find mistakes in configuration or custom code than it is to find them in core or contributed modules that are reviewed by the community. The site was also running older versions of Drupal core and several contributed modules that have security releases. Published exploits exist for older versions of core and contributed modules with security releases.</p> <p>To help address these consistent configuration and developer education issues, GVS has created the <a href="http://drupal.org/project/security_review">Security Review module</a> and offers <a href="http://crackingdrupal.com/">books</a> and training at DrupalCamps and DrupalCons.</p> <div class="field field-type-link field-field-client-site-link"> <div class="field-items"> <div class="field-item odd"> <a href="http://www.outer.net/">visit the site</a> </div> </div> </div> Security Enterprise Wed, 07 Apr 2010 15:54:54 +0000 Greg 917 at http://growingventuresolutions.com University Corporation for Atmospheric Research http://growingventuresolutions.com/portfolio/university-corporation-atmospheric-research <div class="field field-type-filefield field-field-client-image"> <div class="field-items"> <div class="field-item odd"> <img class="imagefield imagefield-field_client_image" width="190" height="110" alt="" src="http://growingventuresolutions.com/gvsfiles/ucar-teaser_2.gif?1258752685" /> </div> 
</div> </div> <div class="field field-type-filefield field-field-client-image-main"> <div class="field-items"> <div class="field-item odd"> <img class="imagefield imagefield-field_client_image_main" width="350" height="262" alt="" src="http://growingventuresolutions.com/gvsfiles/ucar-main.jpg?1258752211" /> </div> </div> </div> <p> The University Center for Atmospheric Research (UCAR) in Boulder has adopted Drupal as an organization-wide standard for deploying websites. One of the intranet sites UCAR needed was a system for managing the tutorials and FAQs that help administrative employees navigate through the center's guidelines, processes and procedures.</p> <p>Growing Venture Solutions worked with stakeholders from across the organization to design a knowledge management system to reduce the work for administrators and to improve access to relevant information. GVS also trained in-house web developers and designed an efficient workflow for transferring existing content into the new Drupal site.</p> <div class="field field-type-link field-field-client-site-link"> <div class="field-items"> <div class="field-item odd"> <a href="http://www.ucar.edu/">visit the site</a> </div> </div> </div> Module Development Site Architecture Training Information Architecture Theming Security Education Enterprise Government Fri, 20 Nov 2009 21:23:31 +0000 evelyn 732 at http://growingventuresolutions.com