Security - Drupal Decision Makers training

Presentation on security at the NYCamp Drupal Decision makers

  1. Security in Drupal
     Stéphane Corlosquet, scorlosquet@gmail.com
     Training at NYCamp 2012
  2. General tips
     ● Use HTTPS, SSH, SFTP
     ● Strong password policy
     ● Server – LAMP stack
     ● Require SSH keys
     ● Keep your site settings secure
        – Permissions
        – Text formats
        – PHP filter
  3. Drupal 7
     ● Stronger password hashing / salt
     ● Login flood control
        – prevents brute-force credential guessing
     ● Protected cron
        – prevents Denial of Service attacks
     ● Update manager
        – Update module from the web UI
  4. Modules enhancing security
     ● Secure login
     ● Password policy
     ● Paranoia
     ● Hacked!
     ● Permissions Lock
  5. Security process
     ● Ongoing maintenance
     ● Cost
     ● Managed hosting
     ● Drupal.org packaging infrastructure
  6. Security process
     ● Drupal Security Team
        ● Keep Drupal code secure in core and contrib
        ● Educate the community on security best practices
           – Developers
           – Site builders
           – Site administrators and users
           – Decision makers
        ● Security Advisory for new module releases
  7. Security process
  8. Developers & site maintainers
     ● Follow Drupal APIs and best practices
     ● Take & verify backups
     ● Sanitize backups for sharing
  9. Cross Site Scripting
  10. Book on Security in Drupal
  11. References
     ● DGD7 chapter 6
     ● http://drupal.org/security
     ● http://www.drupalscout.com/
     ● http://groups.drupal.org/best-practices-drupal-security
