Drupal is a free Content Management System (Content Management System) and Open Source. This tool gives the opportunity to create and manage websites very simply and does not require any special technical knowledge. Drupal is the third most used CMS in the world with 5.5% market shares, which represents more or less 800,000 websites. Very popular with medium and large companies because, once well-configured, it is very complete but still remains less accessible to individual developers than its old enemy : Wordpress.
Like its competitors, it is possible to develop plugins without necessarily being a professional developer. These ones are available on Drupal's "market place".
Being an open source CMS, Drupal doesn't avoid cyber attacks. Plugins and themes are developed by the Drupal community but aren’t always verified by professionals. These ones can cause vulnerabilities which could endanger your website availability and your data integrity.
Drupal users may remember "Drupageddon", named like this because of the potential impact of exploiting this vulnerability. Version 7, lower than 7.32, was vulnerable to an attack by SQL injection . This flaw allowed a hacker to log into your website with administrator rights. In case of attack success, its author was able to execute PHP commands, escalate privileges, install backdoors on the victim's system ... The vulnerability was publicly disclosed by Drupal on October 15, 2014, using the identifier: CVE-2014-3704 . An update has been applied by Drupal developers to correct this vulnerability. As always, if the update has not been installed, the site still remains vulnerable.
HTTPCS experts developed a plugin to identify and validate website. Once validated, it can be analyzed by our vulnerabilities detection technology. Aware of the impact caused by the vulnerabilities present in the CMS, our tool will enable you to ensure the security of your website despite the multiple updates of themes, plugins and the software itself. Do not wait to be victim of an attack to protect your website. Take a proactive approach using HTTPCS technology.
Our "HTTPCS Validation" plugin will be available for free soon. Once installed you will have to fill in some informations about your contact details. The plugin will make a unique file on your server which will allow the HTTPCS service to validate your website. This identification file is essential to our technology. Without it, you will not be able to launch the vulnerability scanner.