SlideShare a Scribd company logo

Security - Drupal Decision Makers training

S
scorlosquet

This document discusses security best practices for Drupal, including using HTTPS and SSH, strong passwords, keeping the server and site settings secure, and modules that can enhance security. It also covers Drupal 7 security improvements like password hashing and login flood control, as well as the importance of ongoing maintenance, backups, and following the Drupal security process.

TechnologyNews & Politics
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Security in Drupal Stéphane Corlosquet scorlosquet@gmail.com Training at NYCamp 2012
General tips ● Use HTTPS, SSH, SFTP ● Strong password policy ● Server – LAMP stack ● Require SSH keys ● Keep your site settings secure – Permissions – Text formats – PHP filter
Drupal 7 ● Stronger password hashing / salt ● Login flood control – prevents brute-force credential guessing ● Protected cron – prevents Denial of Service attacks ● Update manager – Update module from the web UI
Modules enhancing security ● Secure login ● Password policy ● Paranoia ● Hacked! ● Permissions Lock
Security process ● Ongoing maintenance ● Cost ● Managed hosting ● Drupal.org packaging infrastructure
Security process ● Drupal Security Team ● Keep Drupal code secure in core and contrib ● Educate the community on security best practices – Developers – Site builders – Site administrators and users – Decision makers ● Security Advisory for new module releases
Security process
Developers & site maintainers ● Follow Drupal APIs and best practices ● Take & verify backups ● Sanitize backups for sharing
Cross Site Scripting
Book on Security in Drupal
References ● DGD7 chapter 6 ● http://drupal.org/security ● http://www.drupalscout.com/ ● http://groups.drupal.org/best-practices-drupal-security

More Related Content

ODP
Keeping your Drupal site secure 2013
scorlosquet
 
PDF
Apache2 BootCamp : Overview
Wildan Maulana
 
ODP
DrupalCamp STL: Get Your Drupal Sea Legs
ericthelast
 
PPTX
Web content security policies
Dhanu Gupta
 
PDF
Http security response headers
mohammadhosseinrouha
 
PDF
Memcache and Drupal - Vaibhav Jain
Drupal Camp Delhi
 
PPTX
Becoming A Drupal Master Builder
Philip Norton
 
PDF
[HKDUG] #20180512 - Fix Hacked Drupal with GIT
Wong Hoi Sing Edison
 
Keeping your Drupal site secure 2013
scorlosquet
 
Apache2 BootCamp : Overview
Wildan Maulana
 
DrupalCamp STL: Get Your Drupal Sea Legs
ericthelast
 
Web content security policies
Dhanu Gupta
 
Http security response headers
mohammadhosseinrouha
 
Memcache and Drupal - Vaibhav Jain
Drupal Camp Delhi
 
Becoming A Drupal Master Builder
Philip Norton
 
[HKDUG] #20180512 - Fix Hacked Drupal with GIT
Wong Hoi Sing Edison
 

Similar to Security - Drupal Decision Makers training (20)

ODP
Drupal 7 training
Ravi Yelluripati
 
PDF
Drupal in-depth
Kathryn Carruthers
 
PDF
Hong Kong Drupal User Group - Nov 8th
Wong Hoi Sing Edison
 
PDF
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Ann Lam
 
PDF
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Ann Lam
 
PDF
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Handrus Nogueira
 
PDF
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
Taller Negócio Digitais
 
PDF
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Handrus Nogueira
 
PDF
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Lucas Arruda
 
PDF
Drupal and security - Advice for Site Builders and Coders
Arunkumar Kupppuswamy
 
PDF
Securing your WordPress powered Website
Pratik Jagdishwala
 
ODP
Drupal Security Hardening
Gerald Villorente
 
ODP
Drupal Security Hardening
Gerald Villorente
 
PPTX
Course_Presentation cyber --------------.pptx
ssuser020436
 
ODP
Best Practices In Moodle Administration
moorejon
 
PDF
BADCamp 2012- Drupal Support
meghsweet
 
PDF
Apache2 BootCamp : Apache and The Web (1.1)
Wildan Maulana
 
PDF
Open Innovation Lab (OIL) - 2014 Sep 26th
Wong Hoi Sing Edison
 
ODP
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios
 
PDF
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Paul McKibben
 
Drupal 7 training
Ravi Yelluripati
 
Drupal in-depth
Kathryn Carruthers
 
Hong Kong Drupal User Group - Nov 8th
Wong Hoi Sing Edison
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Ann Lam
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Ann Lam
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Handrus Nogueira
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
Taller Negócio Digitais
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Handrus Nogueira
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Lucas Arruda
 
Drupal and security - Advice for Site Builders and Coders
Arunkumar Kupppuswamy
 
Securing your WordPress powered Website
Pratik Jagdishwala
 
Drupal Security Hardening
Gerald Villorente
 
Drupal Security Hardening
Gerald Villorente
 
Course_Presentation cyber --------------.pptx
ssuser020436
 
Best Practices In Moodle Administration
moorejon
 
BADCamp 2012- Drupal Support
meghsweet
 
Apache2 BootCamp : Apache and The Web (1.1)
Wildan Maulana
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Wong Hoi Sing Edison
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Paul McKibben
 
Ad

More from scorlosquet (18)

PDF
Using schema.org to improve SEO
scorlosquet
 
PDF
DrupalCamp NJ 2014 Solr and Schema.org
scorlosquet
 
PDF
The Future of Search and SEO in Drupal
scorlosquet
 
PDF
Schema.org & Drupal (FR)
scorlosquet
 
PDF
Drupal and the Semantic Web - ESIP Webinar
scorlosquet
 
PDF
The Semantic Web and Drupal 7 - Loja 2013
scorlosquet
 
PDF
Drupal as a Semantic Web platform - ISWC 2012
scorlosquet
 
PDF
Slides semantic web and Drupal 7 NYCCamp 2012
scorlosquet
 
PDF
Data strategies - Drupal Decision Makers training
scorlosquet
 
PDF
Drupal and the semantic web - SemTechBiz 2012
scorlosquet
 
PDF
Drupal 7 and schema.org module (Jan 2012)
scorlosquet
 
PDF
Drupal 7 and schema.org module
scorlosquet
 
PDF
Drupal 7 and RDF
scorlosquet
 
PDF
How to Build Linked Data Sites with Drupal 7 and RDFa
scorlosquet
 
KEY
RDF presentation at DrupalCon San Francisco 2010
scorlosquet
 
PDF
Drupal and RDF
scorlosquet
 
PDF
When Drupal and RDF meet
scorlosquet
 
PDF
Produce and Consume Linked Data with Drupal!
scorlosquet
 
Using schema.org to improve SEO
scorlosquet
 
DrupalCamp NJ 2014 Solr and Schema.org
scorlosquet
 
The Future of Search and SEO in Drupal
scorlosquet
 
Schema.org & Drupal (FR)
scorlosquet
 
Drupal and the Semantic Web - ESIP Webinar
scorlosquet
 
The Semantic Web and Drupal 7 - Loja 2013
scorlosquet
 
Drupal as a Semantic Web platform - ISWC 2012
scorlosquet
 
Slides semantic web and Drupal 7 NYCCamp 2012
scorlosquet
 
Data strategies - Drupal Decision Makers training
scorlosquet
 
Drupal and the semantic web - SemTechBiz 2012
scorlosquet
 
Drupal 7 and schema.org module (Jan 2012)
scorlosquet
 
Drupal 7 and schema.org module
scorlosquet
 
Drupal 7 and RDF
scorlosquet
 
How to Build Linked Data Sites with Drupal 7 and RDFa
scorlosquet
 
RDF presentation at DrupalCon San Francisco 2010
scorlosquet
 
Drupal and RDF
scorlosquet
 
When Drupal and RDF meet
scorlosquet
 
Produce and Consume Linked Data with Drupal!
scorlosquet
 
Ad

Recently uploaded (20)

PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Cloud computing and distributed systems.
kkkkkhan
 
Encapsulation theory and applications.pdf
gurumoop
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

Security - Drupal Decision Makers training

  • 1. Security in Drupal Stéphane Corlosquet scorlosquet@gmail.com Training at NYCamp 2012
  • 2. General tips ● Use HTTPS, SSH, SFTP ● Strong password policy ● Server – LAMP stack ● Require SSH keys ● Keep your site settings secure – Permissions – Text formats – PHP filter
  • 3. Drupal 7 ● Stronger password hashing / salt ● Login flood control – prevents brute-force credential guessing ● Protected cron – prevents Denial of Service attacks ● Update manager – Update module from the web UI
  • 4. Modules enhancing security ● Secure login ● Password policy ● Paranoia ● Hacked! ● Permissions Lock
  • 5. Security process ● Ongoing maintenance ● Cost ● Managed hosting ● Drupal.org packaging infrastructure
  • 6. Security process ● Drupal Security Team ● Keep Drupal code secure in core and contrib ● Educate the community on security best practices – Developers – Site builders – Site administrators and users – Decision makers ● Security Advisory for new module releases
  • 8. Developers & site maintainers ● Follow Drupal APIs and best practices ● Take & verify backups ● Sanitize backups for sharing
  • 10. Book on Security in Drupal
  • 11. References ● DGD7 chapter 6 ● http://drupal.org/security ● http://www.drupalscout.com/ ● http://groups.drupal.org/best-practices-drupal-security