Chapter 2. Security Principles and Vulnerabilities outside Drupal

A brief review of other parts of the attack surface that could expose your site

Now that you are frightened by what can go wrong inside Drupal code, let's review what can go wrong at some of the other layers outside Drupal. At the same time you'll learn some more principles of security that will help keep your site safe.

The following section, "Server and Network Vulnerabilities," covers a few of the most common and widely applicable ways that people make their sites insecure. The section covers bugs and configuration issues at all layers of the LAMP stack.

The second section, "Social and Physical Vulnerabilities," gives a brief description of how an attacker can compromise your site without ever using a code vulnerability.

Note that this is not an exhaustive review of these vulnerabilities; it is intended to provide some advice about the important ones.


For more information, consider the book Security Complete, 2nd edition, by John Paul Mueller, Wiley Publishing, 2002, which covers a broad range of general security topics, though not application security as this book does. The bibliography at the end of the book has other recommendations on general security books.
