• 30Jun
    Author: ned Categories: Infrastructure

This month, AppliedTrust re-launched our web site on the Drupal CMS. Although the site's look and feel hasn't changed much, the upgrade has been a breakthrough in both performance and manageability. Compared with Drupal's solid A, I would give our previous CMS, Joomla, a B-. Here are six reasons why Drupal is a great fit for www.appliedtrust.com:


  • 23Sep

I like WordPress a lot – it's my #1 tool for simple web sites.  We use it for The Barking Seal Blog (this site!), but I also use it for a variety of more traditional sites, including the TechFest website, and even my personal wedding web site!

    WordPress isn’t everything, and if you’re looking for a CMS with the longest feature list, don’t bother trying it.  But if you want a reasonably-customizable web site that almost any end-user can update, I endorse it.  Try WordPress.com if you’re not comfortable managing your own web server.

For the technical folks in the audience, it's easy to install the free WordPress.org version on any server that runs the LAMP stack (Linux, Apache, MySQL, and PHP).  It is highly customizable if you know PHP, HTML, and CSS, but will probably meet most of your needs "out of the box".

    If you do use WordPress.org, there are a few plugins that are worth installing… here are the ones that I think every WordPress.org administrator should consider:


  • 22Oct
Author: ben Categories: Security

When we think about (or google) application security, we are most often thinking about the common web application attack vectors: cross-site scripting, injection vulnerabilities, and session management flaws. With the prominence of the web as a delivery platform, and the security standards and regulations that have grown up around it, there's no doubt that this layer needs a lot of attention.

However, there's a layer between the application's internal security and the operating system that gets far less attention from the industry. For convenience, I'll refer to it as the application platform here. The platform covers the nuts and bolts of integrating the application into its environment, and includes things like:

    • File transfers between application components or servers
    • Log file location, centralization, and audit settings
• Database server security (you're not running SQL Server as a domain admin, right?)
    • Server role segregation at the network layer
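One concrete check for the database item above, added here as an example rather than taken from the original post: on a Windows domain, enumerate the SQL Server and SQL Agent services on a host and flag any whose logon account is a member of Domain Admins. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the caller can read group membership; the service-name filter is an assumption that matches the default `MSSQL*` / `SQLAgent*` naming.

```powershell
# Added example, not from the original post: flag SQL Server services whose
# logon account is a Domain Admin. Assumes the ActiveDirectory module is
# available and the caller can read 'Domain Admins' membership.
Import-Module ActiveDirectory

# Resolve nested membership once; compare on SamAccountName.
$domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty SamAccountName

# Default SQL Server service names (assumption: MSSQL* and SQLAgent*).
$services = Get-CimInstance Win32_Service `
    -Filter "Name LIKE 'MSSQL%' OR Name LIKE 'SQLAgent%'"

foreach ($svc in $services) {
    $account = $svc.StartName          # e.g. 'CORP\sqlsvc', 'LocalSystem', 'NT Service\MSSQLSERVER'
    if (-not $account) { continue }

    # Strip the 'DOMAIN\' prefix so it can be compared with SamAccountName.
    $sam = $account.Split('\')[-1]

    if ($domainAdmins -contains $sam) {
        Write-Warning ("{0} runs as {1}, which is a Domain Admin" -f $svc.Name, $account)
    } elseif ($account -eq 'LocalSystem') {
        Write-Warning ("{0} runs as LocalSystem; prefer a dedicated low-privilege account" -f $svc.Name)
    } else {
        Write-Output ("{0} runs as {1}" -f $svc.Name, $account)
    }
}
```

Run it on each database server as part of the deployment procedure; a warning means the vendor or installer has granted the service far more than it needs, and the account should be replaced with a dedicated, least-privilege service account before go-live.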

It is the combined responsibility of the application and system administrators, along with a data security professional, to ensure that this layer isn't ignored. Ideally, a written procedure should exist so that the implementation process is efficient and tidy.

If you're hiring a vendor to deploy a fancy new proprietary application, they are often unwilling or unable to ensure that it meets your strict internal security requirements. I've even met vendors that hadn't planned to join their Windows servers to the domain, and tried to insist that doing so would be a support contract violation! Until we're all enforcing security requirements on vendors, this attitude isn't likely to change, but that's a topic for another day.

    I cover background and a full process on this at length in the February 2008 issue [PDF] of INSECURE magazine (and in HTML format on the Applied Trust web site).
