Card.com là 1 platform Securing, có hỗ trợ Open Source như Drupal 7

Card.com là 1 platform Securing, có hỗ trợ Open Source như Drupal 7

Finding and fixing bugs is a lot easier when the bug-finding process is crowdsourced and the underlying technology is open source.

Card.com là 1 platform Securing, có hỗ trợ Open Source như Drupal 7Finding and fixing bugs is always a challenging task, but it's a task that prepaid card vendor Card.com is making easier by leveraging crowdsourcing for its bug-funding efforts. Part of the Card.com platform is built on top of open-source technology, including the Drupal content management system, which is a key component in enabling Card.com to more easily fix bugs that are found.

Greg Knaddison, Card.com's director of engineering, explained to eWEEK that his company has been using the Bugcrowd security vulnerability crowdsourcing technology in a bid to accelerate its efforts at finding bugs. Bugcrowd is a managed service that helps organizations crowdsource their bug-finding efforts. Knaddison said that before engaging with Bugcrowd, Card.com was not getting as many bugs reported to it by security researchers as it had hoped.

With Bugcrowd, Knaddison said that Card.com has been able to get an increase in both the volume and quality of bug reports that it receives. The way it works is that Bugcrowd has its own community of security researchers that reaches a wider audience than Card.com could reach on its own. While Bugcrowd manages the bug-tracking platform, Card.com currently is responsible for understanding, validating and fixing the reported security issues, according to Knaddison. Bugcrowd does have a service to help organizations validate issues, though Knaddison said it's not something that Card.com is currently using.

Some organizations choose to use Web Application Firewall (WAF) technology to implement network layer protections for application vulnerabilities, but that's not the path that Card.com is taking. Bug fixes for Card.com could well have a much broader impact than just the Card.com site, since the open-source Drupal content management is used as the content management system.

"We're heavily involved in Drupal. I'm a member of the Drupal security team and the former lead of the team for over two years," Knaddison said. "So it's an area where we have a fair amount of expertise and depth, and we feel that our situation is best served by fixing vulnerabilities directly in the software itself."

Knaddison noted that there have been situations where his team has made security fixes to the Card.com site that also had relevance to the main Drupal platform. In those situations, Card.com has contributed the patches upstream to the Drupal security team.

When it comes to data breaches, the most often cited vulnerability of the past decade has been SQL injection vulnerabilities. Thanks in large part to the efforts of the larger Drupal community, SQL injection is not something that Card.com has seen lately.

"SQL injection vulnerabilities were one of the top vulnerabilities in Drupal back in 2005," Knaddison said. "Since then, there have been some significant improvements in the Drupal database API with the release of Drupal 7."

Drupal 7 was first released back in 2010 and is the version that is used by Card.com. Knaddison said that in Drupal 7 it's a lot harder for a site to introduce an SQL injection vulnerability.

"Just by leveraging Drupal 7 we haven't seen any SQL injection vulnerabilities in our codebase," he said. Looking beyond just the open-source base and leveraging Bugcrowd for crowdsourcing bugs, there is at least one other key challenge that Knaddison is aiming to solve­—the challenge of passwords.

"I feel like passwords are often the consistent weak link in IT security," he said. "So we're now working on deploying two-factor authentication internally, and we're looking at deploying it on our consumer-facing site in the future." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist. 

Bạn thấy bài viết này như thế nào?: 
No votes yet
Ảnh của Tommy Tran

Tommy Tran owner Express Magazine

Drupal Developer having 9+ year experience, implementation and having strong knowledge of technical specifications, workflow development. Ability to perform effectively and efficiently in team and individually. Always enthusiastic and interseted to study new technologies

  • Skype ID: tthanhthuy
  • Phone/Zalo: (+84) 944 225 212
  • WhatsApp: (+84) 944 225 212
  • Line Messenger: (+84) 944 225 212
  • Email: asaleotestf@gmail.com
  • Telegram Messenger: https:/t.me/tommytran0401

Quảng cáo việc làm

 

Thích hợp các bạn nữ mảng thợ may làm việc tại nước NGA

Đơn hàng Tuyển dụng 100 Thợ may đi Nga(đợt 1 tháng 3.2021, đợt 2 tháng 5.2021). Lương thực lãnh 800 USD, bao ăn ở, vé máy bay và visa, phí xuất cảnh(1800 USD)trả khi đi làm có lương. Bạn có thể liên hệ CÔNG TY qua Phone/Zalo: (+84) 944 225 212. Công ty sẽ tư vấn cho bạn.

Xem chi tiết: >>> https://bit.ly/3o9NOfR

Tìm kiếm bất động sản

 

Advertisement

 

jobsora

Dich vu khu trung tphcm

Dich vu diet chuot tphcm

Dich vu diet con trung

Quảng Cáo Bài Viết

 
Một số điều cần tránh khi sử dụng hàm t() trong Drupal 7

Một số điều cần tránh khi sử dụng hàm t() trong Drupal 7

But, if you're writing a module that stores its data outside variables or entities, you might notice a few gaps.

Bạn đã từng biết Drupal’s Community Working Group chưa?

Bạn đã từng biết Drupal’s Community Working Group chưa?

In early 2013 our fearless and benevolent leader, Dries Buytaert, formalised a governance structure and started a number of working groups for the Drupal project as a whole, and for our home on the Web

Domain Authority là gì?

Domain Authority là gì?

Domain Authority (DA) là một thước đo của SEOmoz dùng để dự đoán “sức mạnh” của website này so với website khác trên bảng xếp hạng của các SE. DA là một điểm số duy nhất được tính toán bằng sự kết hợp của linking root domain, tổng số lượng liên kết, mozRank, mozTrust và một số yếu tố khác.