Cracking Drupal: A Drop in the Bucket
2. Security Principles and Vulnerabilities Outside Drupal.
3. Protecting Your Site with Configuration.
4. Drupal's User and Permissions System.
5. Dangerous Input, Cleaning Output.
6. Safety in the Theme.
7. Drupal Access System.
8. Automated Security Testing.Weaknesses in the Wild
9. Finding, Exploiting and Avoiding Vulnerabilities.
10. Un-cracking Drupal.
Appendix A: Function Reference.
Appendix B: Installing Drupal 6 Fresh Out of the Box.
Appendix C: Leveraging Community Resources.
Glossary: Glosssary of Key Terms.
Greg James Knaddison is Principal of Growing Venture Solutions and a dedicated Drupalista. As a member of the Drupal security team, Knaddison has participated in every part of the process including identifying vulnerabilities, creating fixes, testing fixes, and writing security documentation and advisories. He has also contributed modules and publishes the news site DrupalDashboard.com.