April 24, 2023
Today we are talking about Drupal Security with Mark Shropshire & Benji Fisher.
Listen:
direct LinkTopics
- Why do you care about security
- Best tips for securing Drupal
- Common Security Issues people have with Drupal
- Convincing module maintainers to do full releases
- Testing to ensure security
- Guardr Drupal security distribution
- What does the Drupal Security team do
- Finding issues
- Review compromised sites
- Becoming a member
- Process for writing security notices
- Helping the security team
Resources
- How to Join the Drupal Security Team
- How to get involved
- Passwords:
- Discussed at this BadCamp talk - Sleep Better at Night with a Secure Drupal Site
- OWASP
- OWASP Zap baseline
- Benji’s talk introducing the OWASP Top Ten
- Github repo building and testing guardr
- Sam Mortenson talk
- Guardr core
Module of the Week
Integrates your Drupal site with the open source CrowdSec Security Engine, a collaborative malicious activity detection and remediation tool.