Security - Drupal Decision Makers training
Security in Drupal


Stéphane Corlosquet
scorlosquet@gmail.com
Training at NYCamp 2012
General tips
●   Use HTTPS, SSH, SFTP
●   Strong password policy
●   Server – LAMP stack
●   Require SSH keys
●   Keep your site settings secure
       –   Permissions
       –   Text formats
       –   PHP filter
Drupal 7
●   Stronger password hashing / salt
●   Login flood control
       –   prevents brute-force credential guessing
●   Protected cron
       –   prevents Denial of Service attacks
●   Update manager
       –   Update module from the web UI
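The login flood control named above works as a sliding window over failed attempts. The block below is an added example, not code from the slides or from Drupal itself: it models the two thresholds Drupal 7 applies (per source IP, and per account plus IP) and replays a constructed sequence of login attempts through them. The default limits and window lengths are assumed from Drupal 7's user_failed_login_* settings.

```python
"""Sliding-window login flood control modelled on the two thresholds
Drupal 7's user module applies to failed logins: a per-IP limit and a
per-account (account + IP) limit.  Added example, not Drupal's own code."""
from collections import defaultdict

# Defaults taken from Drupal 7's user_failed_login_* variables (assumption).
IP_LIMIT, IP_WINDOW = 50, 3600        # failures per IP within one hour
USER_LIMIT, USER_WINDOW = 5, 21600    # failures per account+IP within six hours


class FloodControl:
    """Minimal stand-in for Drupal's flood_* API, keyed by (event, identifier)."""

    def __init__(self):
        self.events = defaultdict(list)   # (name, identifier) -> [timestamps]

    def register_event(self, name, identifier, now):
        self.events[(name, identifier)].append(now)

    def clear_event(self, name, identifier):
        self.events.pop((name, identifier), None)

    def is_allowed(self, name, threshold, window, identifier, now):
        key = (name, identifier)
        # Drop entries older than the window, then compare against the limit.
        self.events[key] = [t for t in self.events[key] if t > now - window]
        return len(self.events[key]) < threshold


def login_attempt(fc, username, ip, password_ok, now):
    """Return 'blocked_ip', 'blocked_user', 'failed' or 'ok' for one attempt.

    The order mirrors Drupal 7: the IP check runs before the password is even
    looked at, so a flooded IP cannot confirm a guess; the per-account check
    is keyed on account and IP, so one source cannot lock every user out.
    """
    if not fc.is_allowed("failed_login_attempt_ip", IP_LIMIT, IP_WINDOW, ip, now):
        return "blocked_ip"
    identifier = f"{username}-{ip}"
    if not fc.is_allowed("failed_login_attempt_user", USER_LIMIT, USER_WINDOW,
                         identifier, now):
        return "blocked_user"
    if password_ok:
        fc.clear_event("failed_login_attempt_user", identifier)
        return "ok"
    fc.register_event("failed_login_attempt_ip", ip, now)
    fc.register_event("failed_login_attempt_user", identifier, now)
    return "failed"


# Constructed sample: (timestamp in seconds, username, source IP, password ok?)
SAMPLE_ATTEMPTS = [
    (0, "admin", "203.0.113.5", False),
    (10, "admin", "203.0.113.5", False),
    (20, "admin", "203.0.113.5", False),
    (30, "admin", "203.0.113.5", False),
    (40, "admin", "203.0.113.5", False),
    (50, "admin", "203.0.113.5", True),                # right password, window full
    (60, "admin", "198.51.100.9", True),               # same account, other IP: unaffected
    (USER_WINDOW + 60, "admin", "203.0.113.5", True),  # window expired
]


def replay(attempts, fc=None):
    """Run a sequence of attempts through one FloodControl and collect outcomes."""
    fc = fc or FloodControl()
    return [login_attempt(fc, user, ip, ok, ts) for ts, user, ip, ok in attempts]


if __name__ == "__main__":
    for attempt, outcome in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, "->", outcome)
```

The sixth attempt is refused even though the password is correct, which is the property that makes the control useful against credential guessing; the per-account key includes the IP so the legitimate owner on another address still logs in.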
Modules enhancing security
●   Secure login
●   Password policy
●   Paranoia
●   Hacked!
●   Permissions Lock
Security process
●   Ongoing maintenance
●   Cost
●   Managed hosting
●   Drupal.org packaging infrastructure
Security process
●   Drupal Security Team
    ●   Keep Drupal code secure in core and contrib
    ●   Educate the community on security best practices
        –   Developers
        –   Site builders
        –   Site administrators and users
        –   Decision makers
    ●   Security Advisory for new module releases
Security process
Developers & site maintainers
●   Follow Drupal APIs and best practices
●   Take & verify backups
●   Sanitize backups for sharing
Cross Site Scripting
Book on Security in Drupal
References

●   DGD7 chapter 6
●   http://drupal.org/security
●   http://www.drupalscout.com/
●   http://groups.drupal.org/best-practices-drupal-security
