Protect This Drupal House: How to Run and Respond to a Security Audit
thealice
If you work on Drupal sites that include forms, varied user profiles, paywalls, eCommerce features, integrations or API codes stored in the database, you’re particularly concerned with security—and could benefit from a security audit. But what is it and how do you run one? And what do you do once you’ve performed your security audit? Whether you’re building a site and want to adhere to Drupal security best practices or are working with an already-existing site and need to secure it, this session is for you.
You’ll get a security checklist as well as some tried-and-tested ways to respond to your findings. Some topics we’ll cover:
Core and contrib module updates: Why they’re important and how to keep on top of them
Making the most out of tools that come bundled into Drupal: eg. how to respond to notices on the Site Status report page
Drupal configurations: User management, permissions, password management
Modules that can help protect your site as well as flag existing issues
Ways to restrict Administrative access and access to other configuration information
Beyond Drupal: Securing at the server level
https://2018.badcamp.org/session/protect-drupal-house-how-run-and-respond-security-audit
If you work on Drupal sites that include forms, varied user profiles, paywalls, eCommerce features, integrations or API codes stored in the database, you’re particularly concerned with security—and could benefit from a security audit. But what is it and how do you run one? And what do you do once you’ve performed your security audit? Whether you’re building a site and want to adhere to Drupal security best practices or are working with an already-existing site and need to secure it, this session is for you.
You’ll get a security checklist as well as some tried-and-tested ways to respond to your findings. Some topics we’ll cover:
Core and contrib module updates: Why they’re important and how to keep on top of them
Making the most out of tools that come bundled into Drupal: eg. how to respond to notices on the Site Status report page
Drupal configurations: User management, permissions, password management
Modules that can help protect your site as well as flag existing issues
Ways to restrict Administrative access and access to other configuration information
Beyond Drupal: Securing at the server level
https://2018.badcamp.org/session/protect-drupal-house-how-run-and-respond-security-audit