Drupal Security Testing using OWASP ZAP

The security of our web applications plays a huge role in the success of our federal enterprise websites and their continuous improvements and updates. The recent #cyberattacks prompted the Biden Administration to issue Executive Order 14028, aimed at improving the nation's cybersecurity posture and, with that, the push to shape a new revision of the Secure Software Development Framework (#SSDF) by NIST. The process of requesting authorization to perform security testing on production sites can take a long time and is much riskier than testing locally.

In this session, we will cover the SSDF framework around our #Drupal projects and how we can use the OWASP ZAP tool, an open-source web application security scanner, to test our web applications locally before we push code to production. In this session, you will learn:
· Why cybersecurity should be an integral part of new features development planning
· What are some best practices to implement when we create digital experiences
· What tools can be used to help us audit cybersecurity on websites
· How can this help your ATO (Authorization to Operate) process for federal websites

🎤 Presenter(s): Paola Garcia Cardenas

Drupal is a registered trademark of Dries Buytaert.