Blog /Technology

Even the best security audit of a website or application will be of little use if we don't document the detected threats, steps for reproduction, potential threats resulting from their use, and recommendations for fixing the bug. We'll show you how to prepare a detailed report step by step.

Two factor authentication (2FA) is an increasingly popular functionality on websites, and this article will teach you how to completely implement it on a Drupal 9 or 8 site.

Website reconnaissance is one of the elements of a security audit. This task can be automated to some extent by choosing one of the free, open-source programs available on the web. One of such tools is Droopescan.

In the previous parts, we focused on Drupal configuration and the overview of modules and libraries. In the third part of the series on conducting a security audit, we'll focus on the overview of custom modules and themes. We'll perform an audit of the project repository, identify and analyze the elements worth paying attention to during the auditing process.

In the first part of the series on Drupal security audits, we described how to review modules and libraries. However, modules and dependencies will be useless if any user will be able to see our custom routing where we display all the client information. Therefore, in this article we'll look at the configuration of our website. Correct configuration is one of the key elements affecting security.

A security audit is the process of identifying security threats that can lead to unauthorised access to content, data leaks, bypassing the security, and other dangers. In the first part of the series on conducting a security audit, we'll focus on the overview of the Drupal module versions that we use at Droptica for this purpose, as well as on PHP and JavaScript libraries.

Laravel is known for its high intuitiveness and comfort of code-writing. Many things were designed by the Laravel creators to simplify the programmers' work with this framework. It’s the same when working with the database. The documentation will be a valuable source of information for you. However, in this text, I'll show you the aspects that aren’t included there. Thanks to them, your work with the database in Laravel will reach a higher level.

Writing code according to the standards allows you to speed up the project creation. It's more easily extensible and more legible – thanks to this, new people on the project can more quickly deploy and provide optimal solutions. The PHP community is constantly striving to improve code quality. Tools to assist in writing the code that is compliant with the standards have been developed over the years. In this text I'll present one of them: PHP_CodeSniffer.

Everyone learns from mistakes. In this article I will point out a cardinal one, which leads to a situation where the controller contains several hundred lines of code and becomes unreadable and very difficult to maintain. However, I will present a few ways to solve it.

In the era of increasingly distributed architecture of applications and web portals, there is a need to provide flexible methods of authentication while maintaining convenience for the user. From this article, you will learn how to easily create an authentication server and client application in Drupal using OAuth2 and OpenID Connect.