9. API
Drupal: PHP, Evolving from hook system
(Symfony and Drupal 8, t checkplain, token
for forms
✦ Joomla: Add-on: Design patterns based,
OO, MVC: jquest, jobjec
✦ WordPress: Hook system, request and db
filtering
✦ SharePoint: Server and client object model:
moving to App model: REST: memory
issues
✦ Liferay: Java, internal and external api
accessspring framework, JSP, similary
filtering hooks, local and remote invocation
(JVM)
13. Security Mangement
✦ Drupal: Security Team: notices, selective
closure, work with developers to identify
and fix, secure coding guide, module
review
✦ Joomla: Joomla Security Team: vulnerable
extension list, secure coding guide
✦ Word Press:lassiez faire, link to wp security
from main sites
✦ SharePoint: Service packs
✦ Liferay: Security team, focused on core
17. Permissions✦ Drupal: Granlar seciryt, easy to create
permissions: access from menu system,
LDAP groups
✦ Joomla: RBC
✦ WordPress
✦ SharePoint: SharePoint groups and roles,
mapped to ad groups, site collection
admins, elevae
✦ Liferay: local
22. Drupal security
incident
✦ Drupal.org compromised
✦ sophisticated automated testing and
deployment
✦ third party
✦ every system has multiple vulnerabilities
heres the presentation from dries. you will note there is no security, it may be implit in many secuirty is one of the biggest marketing points for our clients.
drupal community it is better to learn from other communites, many trends start in java or ruby or python or other , rupal is symfony and wiht this we’d take a look at how drupal compares to some other cms open source and proprietary along a number of dimensions, not meant to be an exaustive comparison, or even that thse are a scientifficall, just a point of discussion. joomla and wordprss are commonly mentioned with drupal as comprisgint the big three cms. they are very difference in terms of audiecne an, but are often presented as compettiros, liferay is a javabased cms that we’ve run across, it is created by a commercial companh, but ther is a commuit offering. finally sharepoint, which is a microsfoft prodcut, microsof is moving into open source and jquery is a core part of ahrepoont and they have an intershinh app security modle.
first you think reppostitofy and where the code lies , easy to revie and test.
drupal has a flexible but complex security m, install new permissions, workbehcn, many access bypass it an be difficutl to manage, shareponit has site collection, need to elevate permisions to have slution do something, word press site administrators, joomla separate admin stie
passwords are broken, we are moving to a two-factor auth system, challenging for a web application, oauth, openid
a key requirement is vulnerability assessment, security review moudle, secure coding
drupal can be configured to be quite secure password policy password complexity and expiration, login se
with fisma and the sans top 20 there is an emphais on continuous moniroting, to find out when something is wroing, there is aother source that has the log information auditing so that , drupal has a stroing auditign feature in watchoh, there are some who don’t run this in production becasue of the performancce hit. can be sent to syslog or mongodb. one of the newest is logstash, open source community splunk wide variety of formats, drupal logstach
