Summary
In this chapter, we learned about the international effort to track security vulnerabilities in computer hardware and software, before drilling down into how security vulnerabilities in Moodle are managed and maintained.
We learned that we need to be part of Moodle’s responsible disclosure process – not only if the skills learned in Chapter 9 lead to us discovering a new vulnerability but also so that we can be notified of a new security issue in a timely manner.
Then we explored just a few of the many tools – both commercial and free – that can be used to scan a Moodle installation for known vulnerabilities. Ensuring that customizations are properly scanned is particularly important: if you have paid for custom branding for your Moodle site, you may have been sold a custom plugin without even realizing it. We explored tools that allow developers to scan their code and give both themselves and you confidence in any extra plugins being deployed...