Blog /Technology

Pentesters use various tools during an audit to save time and find as many security errors as possible. Some activities can’t be done manually within a reasonable time. An example is the detection of all subpages of a website. There are paid and free tools that allow this to be done. Vulnerability scanners are also created and actively developed. They include solutions that support pentesting.

In the developer's work, it's important to write good-quality code efficiently. We may try to handle everything by ourselves or use the tools that facilitate and accelerate our work. There are many available solutions on the market, so we've decided to make the choice easier for you and suggest what to pay attention to when looking for this type of software, and which specific systems you should be interested in.

DevOps is undoubtedly one of the most popular terms in the IT world. Among the prerequisites for working as a DevOps engineer are the skills in the field of software development and knowledge of its implementation processes. Due to the wide range of technologies and the need for having specialist knowledge, it's essential to choose the right tools for work.

Single Page Application is a completely new approach to how web pages operate and behave. This technology offers opportunities for creating interactive websites which look more like a native application than a traditional web page.

Even the best security audit of a website or application will be of little use if we don't document the detected threats, steps for reproduction, potential threats resulting from their use, and recommendations for fixing the bug. We'll show you how to prepare a detailed report step by step.

Two factor authentication (2FA) is an increasingly popular functionality on websites, and this article will teach you how to completely implement it on a Drupal 9 or 8 site.

Website reconnaissance is one of the elements of a security audit. This task can be automated to some extent by choosing one of the free, open-source programs available on the web. One of such tools is Droopescan.

In the previous parts, we focused on Drupal configuration and the overview of modules and libraries. In the third part of the series on conducting a security audit, we'll focus on the overview of custom modules and themes. We'll perform an audit of the project repository, identify and analyze the elements worth paying attention to during the auditing process.

In the first part of the series on Drupal security audits, we described how to review modules and libraries. However, modules and dependencies will be useless if any user will be able to see our custom routing where we display all the client information. Therefore, in this article we'll look at the configuration of our website. Correct configuration is one of the key elements affecting security.

A security audit is the process of identifying security threats that can lead to unauthorised access to content, data leaks, bypassing the security, and other dangers. In the first part of the series on conducting a security audit, we'll focus on the overview of the Drupal module versions that we use at Droptica for this purpose, as well as on PHP and JavaScript libraries.