With Drupal being used for building websites and applications in government, non-profits, and corporate enterprises, it has become important to make sure that production projects follow mandated security controls. Guardr is a distribution that will kickstart your project with community selected and supported modules and configurations to strengthen Drupal security.

Guardr maintainers have worked with the security departments of corporations, U.S. banks, and the U.S. Federal Government, combining security standards to not only pick out some great hardening modules, but also to configure them during install with hardened settings. Why download and configure individual modules when Guardr can do the heavy-lifting for you?

Session attendees will learn about Guardr's philosophy, features, and how to start new projects with Guardr. Let's raise the bar on Drupal security with a more streamlined approach.




Session Outline

What is Guarder?
The Guardr philosophy and how modules are selected for inclusion
What to expect when Guardr is installed
Why use Guardr?
CIA information security triad
How Guardr goes beyond just including security related modules
Security features in Guardr:
Automatically logout users after a specified period of time
Session limits
Monitoring server disk utilization
Data encryption options
Set password policies
Reset all user passwords
Monitor for hacked modules
Extended logging of logins
Content Security Policy modifications
SSL/TLS, clickjacking, user enumeration, cross-site request forgery, and cross-site scripting protection enhancements
Demonstrations
How to get involved and contribute