SlideShare a Scribd company logo

Security - Drupal Decision Makers training

S
scorlosquet

Presentation on security at the NYCamp Drupal Decision makers

TechnologyNews & Politics
1 of 11
Download to read offline
Security in Drupal Stéphane Corlosquet scorlosquet@gmail.com Training at NYCamp 2012
General tips ● Use HTTPS, SSH, SFTP ● Strong password policy ● Server – LAMP stack ● Require SSH keys ● Keep your site settings secure – Permissions – Text formats – PHP filter
Drupal 7 ● Stronger password hashing / salt ● Login flood control – prevents brute-force credential guessing ● Protected cron – prevents Denial of Service attacks ● Update manager – Update module from the web UI
Modules enhancing security ● Secure login ● Password policy ● Paranoia ● Hacked! ● Permissions Lock
Security process ● Ongoing maintenance ● Cost ● Managed hosting ● Drupal.org packaging infrastructure
Security process ● Drupal Security Team ● Keep Drupal code secure in core and contrib ● Educate the community on security best practices – Developers – Site builders – Site administrators and users – Decision makers ● Security Advisory for new module releases
Security process
Developers & site maintainers ● Follow Drupal APIs and best practices ● Take & verify backups ● Sanitize backups for sharing
Cross Site Scripting
Book on Security in Drupal
References ● DGD7 chapter 6 ● http://drupal.org/security ● http://www.drupalscout.com/ ● http://groups.drupal.org/best-practices-drupal-security

Recommended

Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013scorlosquet
 
Apache2 BootCamp : Overview
Apache2 BootCamp : OverviewApache2 BootCamp : Overview
Apache2 BootCamp : OverviewWildan Maulana
 
DrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea LegsDrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea Legsericthelast
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Http security response headers
Http security response headers Http security response headers
Http security response headers mohammadhosseinrouha
 
Memcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainMemcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainDrupal Camp Delhi
 
Becoming A Drupal Master Builder
Becoming A Drupal Master BuilderBecoming A Drupal Master Builder
Becoming A Drupal Master BuilderPhilip Norton
 
[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GIT[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GITWong Hoi Sing Edison
 

Recommended

Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013Keeping your Drupal site secure 2013
Keeping your Drupal site secure 2013scorlosquet
 
Apache2 BootCamp : Overview
Apache2 BootCamp : OverviewApache2 BootCamp : Overview
Apache2 BootCamp : OverviewWildan Maulana
 
DrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea LegsDrupalCamp STL: Get Your Drupal Sea Legs
DrupalCamp STL: Get Your Drupal Sea Legsericthelast
 
Web content security policies
Web content security policiesWeb content security policies
Web content security policiesDhanu Gupta
 
Http security response headers
Http security response headers Http security response headers
Http security response headers mohammadhosseinrouha
 
Memcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainMemcache and Drupal - Vaibhav Jain
Memcache and Drupal - Vaibhav JainDrupal Camp Delhi
 
Becoming A Drupal Master Builder
Becoming A Drupal Master BuilderBecoming A Drupal Master Builder
Becoming A Drupal Master BuilderPhilip Norton
 
[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GIT[HKDUG] #20180512 - Fix Hacked Drupal with GIT
[HKDUG] #20180512 - Fix Hacked Drupal with GITWong Hoi Sing Edison
 
Drupal 7 training
Drupal 7 trainingDrupal 7 training
Drupal 7 trainingRavi Yelluripati
 
Drupal in-depth
Drupal in-depthDrupal in-depth
Drupal in-depthKathryn Carruthers
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thWong Hoi Sing Edison
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Handrus Nogueira
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!Taller Negócio Digitais
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Handrus Nogueira
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Lucas Arruda
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersArunkumar Kupppuswamy
 
Securing your WordPress powered Website
Securing your WordPress powered WebsiteSecuring your WordPress powered Website
Securing your WordPress powered WebsitePratik Jagdishwala
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security HardeningGerald Villorente
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security HardeningGerald Villorente
 
Course_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxCourse_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxssuser020436
 
Best Practices In Moodle Administration
Best Practices In Moodle AdministrationBest Practices In Moodle Administration
Best Practices In Moodle Administrationmoorejon
 
BADCamp 2012- Drupal Support
BADCamp 2012- Drupal SupportBADCamp 2012- Drupal Support
BADCamp 2012- Drupal Supportmeghsweet
 
Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Wildan Maulana
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thOpen Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thWong Hoi Sing Edison
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Paul McKibben
 
Using schema.org to improve SEO
Using schema.org to improve SEOUsing schema.org to improve SEO
Using schema.org to improve SEOscorlosquet
 
DrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgDrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgscorlosquet
 

More Related Content

Similar to Security - Drupal Decision Makers training

Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thWong Hoi Sing Edison
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityAnn Lam
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Handrus Nogueira
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!Taller Negócio Digitais
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Handrus Nogueira
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Lucas Arruda
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersArunkumar Kupppuswamy
 
Securing your WordPress powered Website
Securing your WordPress powered WebsiteSecuring your WordPress powered Website
Securing your WordPress powered WebsitePratik Jagdishwala
 
Course_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxCourse_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxssuser020436
 
Best Practices In Moodle Administration
Best Practices In Moodle AdministrationBest Practices In Moodle Administration
Best Practices In Moodle Administrationmoorejon
 
BADCamp 2012- Drupal Support
BADCamp 2012- Drupal SupportBADCamp 2012- Drupal Support
BADCamp 2012- Drupal Supportmeghsweet
 
Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Wildan Maulana
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thOpen Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thWong Hoi Sing Edison
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Paul McKibben
 

Similar to Security - Drupal Decision Makers training (20)

Drupal 7 training
Drupal 7 trainingDrupal 7 training
Drupal 7 training
 
Drupal in-depth
Drupal in-depthDrupal in-depth
Drupal in-depth
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
 
Hong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8thHong Kong Drupal User Group - Nov 8th
Hong Kong Drupal User Group - Nov 8th
 
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerabilityHong kong drupal user group nov 8th - drupal 7.32 security vulnerability
Hong kong drupal user group nov 8th - drupal 7.32 security vulnerability
 
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
Escalando php e drupal- performance ao infinito e além! - DrupalCamp SP 2015
 
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
DrupalCamp SP 2015 - Escalando PHP e Drupal- Performance ao infinito e além!
 
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
Escalando php e drupal- performance ao infinito e além! - Drupal camp sp 2015
 
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
Escalando PHP e Drupal: performance ao infinito e além! - DrupalCamp SP 2015
 
Drupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and CodersDrupal and security - Advice for Site Builders and Coders
Drupal and security - Advice for Site Builders and Coders
 
Securing your WordPress powered Website
Securing your WordPress powered WebsiteSecuring your WordPress powered Website
Securing your WordPress powered Website
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
Drupal Security Hardening
Drupal Security HardeningDrupal Security Hardening
Drupal Security Hardening
 
Course_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptxCourse_Presentation cyber --------------.pptx
Course_Presentation cyber --------------.pptx
 
Best Practices In Moodle Administration
Best Practices In Moodle AdministrationBest Practices In Moodle Administration
Best Practices In Moodle Administration
 
BADCamp 2012- Drupal Support
BADCamp 2012- Drupal SupportBADCamp 2012- Drupal Support
BADCamp 2012- Drupal Support
 
Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)Apache2 BootCamp : Apache and The Web (1.1)
Apache2 BootCamp : Apache and The Web (1.1)
 
Open Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26thOpen Innovation Lab (OIL) - 2014 Sep 26th
Open Innovation Lab (OIL) - 2014 Sep 26th
 
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
Nagios Conference 2013 - Sam Lansing - Getting Started With Nagios XI, Core, ...
 
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
Help! I inherited a Drupal Site! - DrupalCamp Atlanta 2016
 

More from scorlosquet

Using schema.org to improve SEO
Using schema.org to improve SEOUsing schema.org to improve SEO
Using schema.org to improve SEOscorlosquet
 
DrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgDrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgscorlosquet
 
The Future of Search and SEO in Drupal
The Future of Search and SEO in DrupalThe Future of Search and SEO in Drupal
The Future of Search and SEO in Drupalscorlosquet
 
Schema.org & Drupal (FR)
Schema.org & Drupal (FR)Schema.org & Drupal (FR)
Schema.org & Drupal (FR)scorlosquet
 
Drupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP WebinarDrupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP Webinarscorlosquet
 
The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013scorlosquet
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012scorlosquet
 
Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012scorlosquet
 
Data strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers trainingData strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers trainingscorlosquet
 
Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012scorlosquet
 
Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)scorlosquet
 
Drupal 7 and schema.org module
Drupal 7 and schema.org moduleDrupal 7 and schema.org module
Drupal 7 and schema.org modulescorlosquet
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDFscorlosquet
 
How to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFaHow to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFascorlosquet
 
RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010scorlosquet
 
When Drupal and RDF meet
When Drupal and RDF meetWhen Drupal and RDF meet
When Drupal and RDF meetscorlosquet
 
Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!scorlosquet
 

More from scorlosquet (18)

Using schema.org to improve SEO
Using schema.org to improve SEOUsing schema.org to improve SEO
Using schema.org to improve SEO
 
DrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.orgDrupalCamp NJ 2014 Solr and Schema.org
DrupalCamp NJ 2014 Solr and Schema.org
 
The Future of Search and SEO in Drupal
The Future of Search and SEO in DrupalThe Future of Search and SEO in Drupal
The Future of Search and SEO in Drupal
 
Schema.org & Drupal (FR)
Schema.org & Drupal (FR)Schema.org & Drupal (FR)
Schema.org & Drupal (FR)
 
Drupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP WebinarDrupal and the Semantic Web - ESIP Webinar
Drupal and the Semantic Web - ESIP Webinar
 
The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013The Semantic Web and Drupal 7 - Loja 2013
The Semantic Web and Drupal 7 - Loja 2013
 
Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012Drupal as a Semantic Web platform - ISWC 2012
Drupal as a Semantic Web platform - ISWC 2012
 
Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012Slides semantic web and Drupal 7 NYCCamp 2012
Slides semantic web and Drupal 7 NYCCamp 2012
 
Data strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers trainingData strategies - Drupal Decision Makers training
Data strategies - Drupal Decision Makers training
 
Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012Drupal and the semantic web - SemTechBiz 2012
Drupal and the semantic web - SemTechBiz 2012
 
Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)Drupal 7 and schema.org module (Jan 2012)
Drupal 7 and schema.org module (Jan 2012)
 
Drupal 7 and schema.org module
Drupal 7 and schema.org moduleDrupal 7 and schema.org module
Drupal 7 and schema.org module
 
Drupal 7 and RDF
Drupal 7 and RDFDrupal 7 and RDF
Drupal 7 and RDF
 
How to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFaHow to Build Linked Data Sites with Drupal 7 and RDFa
How to Build Linked Data Sites with Drupal 7 and RDFa
 
RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010RDF presentation at DrupalCon San Francisco 2010
RDF presentation at DrupalCon San Francisco 2010
 
Drupal and RDF
Drupal and RDFDrupal and RDF
Drupal and RDF
 
When Drupal and RDF meet
When Drupal and RDF meetWhen Drupal and RDF meet
When Drupal and RDF meet
 
Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!Produce and Consume Linked Data with Drupal!
Produce and Consume Linked Data with Drupal!
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Security - Drupal Decision Makers training

  • 1. Security in Drupal Stéphane Corlosquet scorlosquet@gmail.com Training at NYCamp 2012
  • 2. General tips ● Use HTTPS, SSH, SFTP ● Strong password policy ● Server – LAMP stack ● Require SSH keys ● Keep your site settings secure – Permissions – Text formats – PHP filter
  • 3. Drupal 7 ● Stronger password hashing / salt ● Login flood control – prevents brute-force credential guessing ● Protected cron – prevents Denial of Service attacks ● Update manager – Update module from the web UI
  • 4. Modules enhancing security ● Secure login ● Password policy ● Paranoia ● Hacked! ● Permissions Lock
  • 5. Security process ● Ongoing maintenance ● Cost ● Managed hosting ● Drupal.org packaging infrastructure
  • 6. Security process ● Drupal Security Team ● Keep Drupal code secure in core and contrib ● Educate the community on security best practices – Developers – Site builders – Site administrators and users – Decision makers ● Security Advisory for new module releases
  • 8. Developers & site maintainers ● Follow Drupal APIs and best practices ● Take & verify backups ● Sanitize backups for sharing
  • 10. Book on Security in Drupal
  • 11. References ● DGD7 chapter 6 ● http://drupal.org/security ● http://www.drupalscout.com/ ● http://groups.drupal.org/best-practices-drupal-security