Blog

Topics
Travis CI guy
Blog
3
Posted by Cash Williams at Acquia, Inc. on Nov 14, 2017

For the past 6 years, private Github repositories using Travis CI have been vulnerable to a privilege escalation attack.

Acquia's team at DrupalCon Asia Mumbai
Blog
0
Posted by Jeffrey McGuire at Acquia, Inc. on Apr 19, 2017

If you’re coming to DrupalCon Baltimore and you’re curious about Acquia, there are a couple of ways to meet the company and see what we’re about beyond the marketing and sales efforts that get directed at potential clients. One great way is to come to our sessions!

password screen
Blog
0
Posted by Drew Webber on Apr 3, 2017

People tend to choose bad passwords if they are allowed to.

Drupal Splash Awards Germany 2017
Blog
1
Posted by Jeffrey McGuire at Acquia, Inc. on Mar 16, 2017

Hamburg, March 15, 2017 - Members of the German Drupal community — contributors, service providers, end users — came together to celebrate their successes in 2016 with the world’s leading open source content management system and application platform at the 2017 German Splash Awards.

Blog
2
Posted by Peter Wolanin on Aug 16, 2016

Do you let users upload files to your Drupal site? You know that "user" is a synonym for attacker, right?.

Drupal logged PHP messages on screen
Blog
2
Posted by Jeff Geerling on Jun 30, 2016

Many developers who work on Drupal (or other web/PHP) projects have error reporting disabled in their local or shared dev environments.

Blog
6
Posted by Heather James on Jun 16, 2016

Good security practices protect your site from hacker attacks. In this article we'll look at some methods for reducing security risks on your site. 

Drupal 8 logo
Blog
1
Posted by Jeffrey McGuire at Acquia, Inc. on Apr 5, 2016

Each day, more Drupal 7 modules are being migrated to Drupal 8 and new ones are being created for the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some of the most prominent, useful modules, projects, and tools available for Drupal 8. This week: simpleSAMLphp Authentication.

Drupal 8 logo
Blog
2
Posted by Jeffrey McGuire at Acquia, Inc. on Feb 25, 2016

Each day, more Drupal 7 modules are being migrated over to Drupal 8 and new ones are being created for the Drupal community’s latest major release. In this series, the Acquia Developer Center is profiling some of the most prominent, useful modules available for Drupal 8. This week: Honeypot.

Blog
1
Posted by Adam Malone on Sep 11, 2015

Regardless of whether you’re developing a Drupal website or a Drupal module, you have to be aware of how visitors and users will interact with things.

Blog
2
Posted by Peter Wolanin on Aug 27, 2015

Security is very hard to bolt on to any software or product after it has been built. Building it into the core of the code helps to avoid mistakes, and thus the upcoming release of Drupal 8 tries to build in more security by default, while still being usable for developers and site builders. This list of 10 security improvements is not exhaustive - some are just a line or two to handle an edge case, and there are others I may have overlooked. I've contributed to a number of these improvements, but they reflect overall the community consensus as well as reactions to problems that required security releases for Drupal core or contributed modules in the past. For each point I've tried to include a link or two, such as the Drupal core change record, a documentation page, or a presentation that provides more information. Some of these may also be possible to back-port to Drupal 7, to benefit you even sooner. A "7.x back-port" link indicates that.

For context on why these 10 improvements are important, I looked at past security advisories (SAs) as well as considering the kind of questions we get here at Acquia from companies considering adopting Drupal. In terms of past SAs, cross-site scripting (XSS) is the most commonly found vulnerability in Drupal core and contributed modules and themes.

Blog
1
Posted by Acquia Dev at Acquia on Jul 1, 2015

Identity theft and site compromises are all-too-common occurrences -- it seems a day rarely goes by without a news story detailing the latest batch of user passwords which have been compromised and

Blog
0
Posted by Acquia Dev at Acquia on May 7, 2015

This is the first of a series of security-related postings, which Acquia will compile into a free ebook.

Blog
1
Posted by Acquia Dev at Acquia on Oct 16, 2014
Topics