Protect This Drupal House: How to Run and Respond to a Security Audit

thealice

If you work on Drupal sites that include forms, varied user profiles, paywalls, eCommerce features, integrations or API codes stored in the database, you’re particularly concerned with security—and could benefit from a security audit. But what is a security audit, and how do you run one? And what do you do once you’ve performed it? Whether you’re building a site and want to adhere to Drupal security best practices or are working with an existing site and need to secure it, this session is for you.

You’ll get a security checklist as well as some tried-and-tested ways to respond to your findings. Some topics we’ll cover:

Core and contrib module updates: Why they’re important and how to keep on top of them

Making the most of the tools that come bundled with Drupal: e.g., how to respond to notices on the Site Status report page

Drupal configurations: User management, permissions, password management

Modules that can help protect your site as well as flag existing issues

Ways to restrict administrative access and access to other configuration information

Beyond Drupal: Securing at the server level

https://2018.badcamp.org/session/protect-drupal-house-how-run-and-respond-security-audit
