[OWASP-Malaysia] Security By Obscurity Is No Security

Harisfazillah Jamel linuxmalaysia at gmail.com
Tue Jun 21 01:46:02 EDT 2011


Team,

A) Hide, obscure, or remove clues that a site runs on Drupal

The short answer is :

You can't. Do not try

In summary

Security by obscurity is no security. It gives a false impression of
being 'safe' when you are only hiding vulnerabilities behind a
smokescreen that any attacker that posed any real threat would be able
to see through.

Patch Patch Patch your OS and your application


>From Drupal Security page

http://drupal.org/security/secure-configuration

Hide, obscure, or remove clues that a site runs on Drupal
http://drupal.org/node/766404


B) Joomla Security Checklist


http://docs.joomla.org/Category:Security_Checklist
-------------- next part --------------
A non-text attachment was scrubbed...
Name: drupal-security-white-paper-1-1.pdf
Type: application/pdf
Size: 2616330 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-malaysia/attachments/20110621/18630af2/attachment-0001.pdf 


More information about the OWASP-Malaysia mailing list