Web News

Appnovation Technologies: Simple Website Approach Using a Headless CMS: Part 1

Web - Wed, 02/06/2019 - 3:00am
I strongly believe that the path for innovation requires a mix of experimentation, sweat, and failure. Without experimenting with new solutions, new technologies, new tools, we are limiting our ability to improve, arresting our potential to be better, to be faster, and sadly ensuring that we stay rooted in systems, processes and...
Category: Web

A $55 fix for your TV's terrible speakers - CNET

Webware - 8 hours 31 minutes ago
The Bohm B2 sound bar should be a big step up for your TV-watching experience. And it's a Bluetooth speaker, too. Plus: A sweet deal on a folding Bluetooth keyboard.
Category: Web

Amazon Hub lockers now available to 500,000 US residents - CNET

Webware - 8 hours 36 minutes ago
Apartment dwellers, that's where you'll find all those packages you ordered.
Category: Web

Adobe Project Rush aims to address social media pros' video woes - CNET

Webware - 8 hours 36 minutes ago
In addition to giving us a peek at the newest member of Creative Cloud, Adobe delivered updates to the Lightrooms, Spark Post and XD.
Category: Web

Amazon's Alexa for Hospitality handles hotel checkout, pool time and more - CNET

Webware - 8 hours 40 minutes ago
Get ready to start chatting with Alexa in your hotel room.
Category: Web

Amazee Labs: Drupal HackCamp Bucharest

Web - 9 hours 7 minutes ago
Drupal HackCamp Bucharest

Only a month has passed since DrupalCamp Transylvania, and already another Drupal Camp has come and gone in Romania. This time it was Drupal HackCamp, organised in the Romanian capital, Bucharest. It was a Drupal Camp with a very specific theme: Security.


Vasi Chindris Tue, 06/19/2018 - 14:29

Throughout the sessions presented at the Camp, one was able to find out what security issues Drupal had experienced in the past, how the Drupal Security team, as well as the Community in general, had dealt with them, what Drupal did to improve the security of the platforms that were developed using the CMS and what can (and should) be done to have a more secure application.

Since I first heard of it, a Camp focused on Drupal security sounded really interesting to me. This is the type of camp every Drupal developer should attend at least once in their career. Actually any web developer for that matter. As we know, security is a very important topic with regards to the web. Even for experienced developers, some things can be very tricky, as an application's security does not only depend on the code. It also depends on how the web server is configured or what kind of third-party libraries your code depends on. Additionally, it also depends on the libraries you are using in development, if they are used to pack or bundle your code, or if they end up touching your code in any other way.

One of the sessions which focused on how Drupal improved its security with each new version was Peter Wolanin's "10 Ways Drupal 8 Is More Secure".

In this session, Peter Wolanin first gave a brief introduction to the OWASP Top 10, a list of the top 10 critical security risks that affect web applications. This is not only Drupal related; it applies to any kind of application that is accessible via the web. Next, he pointed out 10 things Drupal 8 implemented that help the developer avoid those security risks. Among the points he mentioned were the autoescaping feature implemented in Twig (so now everything output by Twig is escaped by default), the automatic CSRF tokens in the route definitions (making it easier for the developer to create links which are valid only for the current user session), the removal of the PHP input filter (which was very dangerous if misused), and the enforcement of trusted host patterns for requests (so that your application will respond only if requested via a host which you actually trust).

As previously mentioned, having a secure app doesn't guarantee that your Drupal is secure. Nowadays, there is a growing interest in having decoupled apps. This means you have a backend which is usually used for content management only (that can be a Drupal site) and a frontend, which is a modern JavaScript application that can optionally be implemented using a framework like React, Vue.js, and so on. But then you also need to use npm for installing the additional JavaScript libraries you need, webpack for creating the JavaScript bundles for your app, and Babel for transpiling your JavaScript code. So suddenly you start to introduce a ton of other dependencies, each of which depends on a lot of other packages. Alexandru Badiu did a presentation called “JS and Security”, which covered some of those aspects.

So, you do the best you can to write secure code, try to evaluate the dependencies of your project, and make sure that they don't introduce critical security issues, but is that enough? There could still be several security issues which you’re unaware of, which will only be discovered while you are using the application. It would be awesome if we were able to do something to proactively protect ourselves against common security risks.

Bastian Widmer (@dasrecht) presented a talk on this subject, entitled “How Open Source will help you to survive the next Drupalgeddon”, where he showed us a few tips that we can use in advance, in order to respond to potential security issues in future. Besides ensuring you do regular updates for all your app’s dependencies, you could also take some measures at the web server level. For example, only allow index.php to be executed, use a web application firewall or make sure that your operating system is configured properly.

Of course, there had to be a session about the last Drupalgeddon(s) at a Camp focusing on Security. The event’s keynote was by Jasper Mattsson, who actually discovered Drupalgeddon 2. He shared some tips with us on how to find security breaches. He said that there is no secret 'recipe' for that, but a good starting point is to look for functions which output data, which can do multiple things, perhaps depending on how they are invoked (in which context or with which parameters), or which can trigger code execution.

There is one very important thing to keep in mind if you discover a security breach: do not post it on the regular Drupal issue queue. Instead, follow the instructions on how to report a security issue when you find one. The implications of reporting a security issue inside the regular Drupal issue queue can be very dangerous, as the attackers will then have plenty of time to create an attack until the issue is fixed.

Being in a city with such a rich history, we could certainly not miss the walking tour that the organisers had prepared for us on the Saturday afternoon. During the tour, we saw Bucharest’s most iconic buildings, which have survived all the great historical periods over the last 200 years - the monarchy, two world wars, communism and now democracy.

Drupal HackCamp Bucharest was a really great event, and I hope it takes place next year. It is of great value to all web developers, especially those at the beginning of their careers, as it prepares them for the dangers of the wild world wide web and equips them with the required knowledge to guard against any that may pop up along the way.

Category: Web

Apple fined $6.8M in Australia after Error 53 controversy - CNET

Webware - 9 hours 56 minutes ago
One undercover investigation and a year of court proceedings later, Australia takes an AU$9 million bite out of Apple.
Category: Web

Vigil for the health of Julian Assange to take place in London - CNET

Webware - 10 hours 13 minutes ago
The vigil coincides with the sixth anniversary of the WikiLeaks founder's self-imposed exile in London's Ecuadorian Embassy.
Category: Web

ADCI Solutions: Drupal modules for a university website

Web - 10 hours 52 minutes ago

A website for a university always needs a lot of functionality because of a heavy amount of data managed there. Here you will find the list of Drupal modules which allow you to add new features to any Drupal university website.

Check them out

Category: Web

New shuttle to drive South Australia around town on its own - Roadshow

Webware - 12 hours 21 minutes ago
The self-driving electric shuttle will first provide first- and last-mile solutions to the public before adding more routes to its services.
Category: Web

Rare manta ray nursery uncovered in Texas - CNET

Webware - 12 hours 30 minutes ago
No one thought to find out why there are more baby rays swimming in the area than elsewhere previously.
Category: Web

Huawei issues open letter to Australia over security concerns - CNET

Webware - 15 hours 11 minutes ago
The Chinese telecom giant hits back over criticism that it poses a security risk for Australia's 5G roll-out.
Category: Web

Black Panther star wins hero award, and honors a real hero - CNET

Webware - 15 hours 26 minutes ago
Chadwick Boseman won MTV's best hero award, and celebrated James Shaw Jr., who saved lives in the Waffle House shooting.
Category: Web

Couple uses Facebook to raise over $3.45M to reunite immigrant families - CNET

Webware - 16 hours 22 minutes ago
The couple from Silicon Valley takes a stand against the US' "zero tolerance" policy on undocumented immigrants.
Category: Web

Adobe Scan can now turn business cards into contacts - CNET

Webware - 17 hours 35 minutes ago
Because business cards refuse to die.
Category: Web

An IBM computer debates humans -- and wins -- in a new, nuanced competition - CNET

Webware - Mon, 06/18/2018 - 11:13pm
Welcome to computational argumentation. IBM's Project Debater won a convincing victory in one debate but a human debater edged it out in another.
Category: Web

Ex-CIA employee charged in leak of classified hacking tools - CNET

Webware - Mon, 06/18/2018 - 11:10pm
Joshua Adam Schulte has been accused of leaking sensitive information to WikiLeaks.
Category: Web

Trump reportedly told Tim Cook iPhones would be spared tariffs - CNET

Webware - Mon, 06/18/2018 - 10:54pm
Cell phones weren't on the list of Chinese goods facing 25 percent US tariffs.
Category: Web

Facebook, Apple and Microsoft among tech companies continuing to criticize Trump - CNET

Webware - Mon, 06/18/2018 - 8:40pm
Silicon Valley CEOs move past cybersecurity and taxes to comment on social issues like gay rights and immigration.
Category: Web

Uber tests out new feature letting people wait for cheaper rides - Roadshow

Webware - Mon, 06/18/2018 - 8:30pm
The feature is currently being tested on Uber employees in San Francisco and Los Angeles, but may be rolling out to consumers soon.
Category: Web