SlideShare a Scribd company logo

Security - Drupal Decision Makers training

S
scorlosquet

Presentation on security at the NYCamp Drupal Decision makers

TechnologyNews & Politics
1 of 11
Download to read offline
Security in Drupal Stéphane Corlosquet scorlosquet@gmail.com Training at NYCamp 2012
General tips ● Use HTTPS, SSH, SFTP ● Strong password policy ● Server – LAMP stack ● Require SSH keys ● Keep your site settings secure – Permissions – Text formats – PHP filter
Drupal 7 ● Stronger password hashing / salt ● Login flood control – prevents brute-force credential guessing ● Protected cron – prevents Denial of Service attacks ● Update manager – Update module from the web UI
Modules enhancing security ● Secure login ● Password policy ● Paranoia ● Hacked! ● Permissions Lock
Security process ● Ongoing maintenance ● Cost ● Managed hosting ● Drupal.org packaging infrastructure
Security process ● Drupal Security Team ● Keep Drupal code secure in core and contrib ● Educate the community on security best practices – Developers – Site builders – Site administrators and users – Decision makers ● Security Advisory for new module releases
Security process
Developers & site maintainers ● Follow Drupal APIs and best practices ● Take & verify backups ● Sanitize backups for sharing
Cross Site Scripting
Book on Security in Drupal
References ● DGD7 chapter 6 ● http://drupal.org/security ● http://www.drupalscout.com/ ● http://groups.drupal.org/best-practices-drupal-security

Recommended

Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013scorlosquet
 
Apache2 BootCamp : Overview
Apache2 BootCamp : OverviewApache2 BootCamp : Overview
Apache2 BootCamp : OverviewWildan Maulana
 
DrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea LegsDrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea Legsericthelast
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Http security response headers
Http security response headers Http security response headers
Http security response headers mohammadhosseinrouha
 
Memcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainMemcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainDrupal Camp Delhi
 
Becoming A Drupal Master Builder
Becoming A Drupal Master BuilderBecoming A Drupal Master Builder
Becoming A Drupal Master BuilderPhilip Norton
 
[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GIT[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GITWong Hoi Sing Edison
 

Recommended

Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013scorlosquet
 
Apache2 BootCamp : Overview
Apache2 BootCamp : OverviewApache2 BootCamp : Overview
Apache2 BootCamp : OverviewWildan Maulana
 
DrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea LegsDrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea Legsericthelast
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Http security response headers
Http security response headers Http security response headers
Http security response headers mohammadhosseinrouha
 
Memcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainMemcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainDrupal Camp Delhi
 
Becoming A Drupal Master Builder
Becoming A Drupal Master BuilderBecoming A Drupal Master Builder
Becoming A Drupal Master BuilderPhilip Norton
 
[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GIT[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GITWong Hoi Sing Edison
 
Drupal 7 training
Drupal 7 trainingDrupal 7 training
Drupal 7 trainingRavi Yelluripati
 
Drupal in-depth
Drupal in-depthDrupal in-depth
Drupal in-depthKathryn Carruthers
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thWong Hoi Sing Edison
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Handrus Nogueira
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!Taller Negócio Digitais
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Handrus Nogueira
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Lucas Arruda
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersArunkumar Kupppuswamy
 
Securing your WordPress powered Website
Securing your WordPress powered WebsiteSecuring your WordPress powered Website
Securing your WordPress powered WebsitePratik Jagdishwala
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security HardeningGerald Villorente
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security HardeningGerald Villorente
 
Course_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxCourse_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxssuser020436
 
Best Practices In Moodle Administration
Best Practices In Moodle AdministrationBest Practices In Moodle Administration
Best Practices In Moodle Administrationmoorejon
 
BADCamp 2012- Drupal Support
BADCamp 2012- Drupal SupportBADCamp 2012- Drupal Support
BADCamp 2012- Drupal Supportmeghsweet
 
Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Wildan Maulana
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thOpen Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thWong Hoi Sing Edison
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Paul McKibben
 
Using schema.org to improve SEO
Using schema.org to improve SEOUsing schema.org to improve SEO
Using schema.org to improve SEOscorlosquet
 
DrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgDrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgscorlosquet
 

More Related Content

Similar to Security - Drupal Decision Makers training

Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thWong Hoi Sing Edison
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Handrus Nogueira
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!Taller Negócio Digitais
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Handrus Nogueira
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Lucas Arruda
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersArunkumar Kupppuswamy
 
Securing your WordPress powered Website
Securing your WordPress powered WebsiteSecuring your WordPress powered Website
Securing your WordPress powered WebsitePratik Jagdishwala
 
Course_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxCourse_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxssuser020436
 
Best Practices In Moodle Administration
Best Practices In Moodle AdministrationBest Practices In Moodle Administration
Best Practices In Moodle Administrationmoorejon
 
BADCamp 2012- Drupal Support
BADCamp 2012- Drupal SupportBADCamp 2012- Drupal Support
BADCamp 2012- Drupal Supportmeghsweet
 
Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Wildan Maulana
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thOpen Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thWong Hoi Sing Edison
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Paul McKibben
 

Similar to Security - Drupal Decision Makers training (20)

Drupal 7 training
Drupal 7 trainingDrupal 7 training
Drupal 7 training
 
Drupal in-depth
Drupal in-depthDrupal in-depth
Drupal in-depth
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8th
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and Coders
 
Securing your WordPress powered Website
Securing your WordPress powered WebsiteSecuring your WordPress powered Website
Securing your WordPress powered Website
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
Course_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxCourse_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptx
 
Best Practices In Moodle Administration
Best Practices In Moodle AdministrationBest Practices In Moodle Administration
Best Practices In Moodle Administration
 
BADCamp 2012- Drupal Support
BADCamp 2012- Drupal SupportBADCamp 2012- Drupal Support
BADCamp 2012- Drupal Support
 
Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thOpen Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26th
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
 

More from scorlosquet

Using schema.org to improve SEO
Using schema.org to improve SEOUsing schema.org to improve SEO
Using schema.org to improve SEOscorlosquet
 
DrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgDrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgscorlosquet
 
The Future of Search and SEO in Drupal
The Future of Search and SEO in DrupalThe Future of Search and SEO in Drupal
The Future of Search and SEO in Drupalscorlosquet
 
Schema.org & Drupal (FR)
Schema.org & Drupal (FR)Schema.org & Drupal (FR)
Schema.org & Drupal (FR)scorlosquet
 
Drupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP WebinarDrupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP Webinarscorlosquet
 
The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013scorlosquet
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012scorlosquet
 
Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012scorlosquet
 
Data strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers trainingData strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers trainingscorlosquet
 
Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012scorlosquet
 
Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)scorlosquet
 
Drupal 7 and schema.org module
Drupal 7 and schema.org moduleDrupal 7 and schema.org module
Drupal 7 and schema.org modulescorlosquet
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDFscorlosquet
 
How to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFaHow to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFascorlosquet
 
RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010scorlosquet
 
When Drupal and RDF meet
When Drupal and RDF meetWhen Drupal and RDF meet
When Drupal and RDF meetscorlosquet
 
Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!scorlosquet
 

More from scorlosquet (18)

Using schema.org to improve SEO
Using schema.org to improve SEOUsing schema.org to improve SEO
Using schema.org to improve SEO
 
DrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgDrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.org
 
The Future of Search and SEO in Drupal
The Future of Search and SEO in DrupalThe Future of Search and SEO in Drupal
The Future of Search and SEO in Drupal
 
Schema.org & Drupal (FR)
Schema.org & Drupal (FR)Schema.org & Drupal (FR)
Schema.org & Drupal (FR)
 
Drupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP WebinarDrupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP Webinar
 
The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012
 
Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012
 
Data strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers trainingData strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers training
 
Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012
 
Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)
 
Drupal 7 and schema.org module
Drupal 7 and schema.org moduleDrupal 7 and schema.org module
Drupal 7 and schema.org module
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDF
 
How to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFaHow to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFa
 
RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010
 
Drupal and RDF
Drupal and RDFDrupal and RDF
Drupal and RDF
 
When Drupal and RDF meet
When Drupal and RDF meetWhen Drupal and RDF meet
When Drupal and RDF meet
 
Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Security - Drupal Decision Makers training

  • 1. Security in Drupal Stéphane Corlosquet scorlosquet@gmail.com Training at NYCamp 2012
  • 2. General tips ● Use HTTPS, SSH, SFTP ● Strong password policy ● Server – LAMP stack ● Require SSH keys ● Keep your site settings secure – Permissions – Text formats – PHP filter
  • 3. Drupal 7 ● Stronger password hashing / salt ● Login flood control – prevents brute-force credential guessing ● Protected cron – prevents Denial of Service attacks ● Update manager – Update module from the web UI
  • 4. Modules enhancing security ● Secure login ● Password policy ● Paranoia ● Hacked! ● Permissions Lock
  • 5. Security process ● Ongoing maintenance ● Cost ● Managed hosting ● Drupal.org packaging infrastructure
  • 6. Security process ● Drupal Security Team ● Keep Drupal code secure in core and contrib ● Educate the community on security best practices – Developers – Site builders – Site administrators and users – Decision makers ● Security Advisory for new module releases
  • 8. Developers & site maintainers ● Follow Drupal APIs and best practices ● Take & verify backups ● Sanitize backups for sharing
  • 10. Book on Security in Drupal
  • 11. References ● DGD7 chapter 6 ● http://drupal.org/security ● http://www.drupalscout.com/ ● http://groups.drupal.org/best-practices-drupal-security