Security scanner component for SimpleTest module

For more information or to ask questions about this proposal, speak with chx.

Existing tools such as code-checker.php and the Coder module's security checking rules can only analyze code with regular expressions. They do not actively simulate XSS or SQL injection attacks, nor do they observe how Drupal responds to them. The goal of this project is to develop such a tool.

SimpleTest is a framework for automated code checking, and it has a browser component that can simulate users entering form data or retrieving certain URLs. The goal of this project would be to develop a Drupal-specific scanner that makes automated penetration attempts against any Drupal page, based on knowledge of Drupal APIs such as the form and menu APIs.

 
 
