Talking Drupal #396 - Drupal Security

Today we are talking about Drupal Security with Mark Shropshire
& Benji Fisher.


For show notes visit:
www.talkingDrupal.com/396
Topics

Why do you care about security

Best tips for securing Drupal

Common Security Issues people have with Drupal

Convincing module maintainers to do full releases

Testing to ensure security

Guardr Drupal security distribution

What does the Drupal Security team do

Finding issues

Review compromised sites

Becoming a member

Process for writing security notices

Helping the security team

Resources

How to Join the Drupal Security Team

How to get involved

Passwords:

xkcd

Spaceballs



Discussed at this BadCamp talk - Sleep Better at Night with a
Secure Drupal Site

OWASP

OWASP Zap baseline

Benji’s talk introducing the OWASP Top Ten

Current

Other versions

Source code (markdown)



Github repo building and testing guardr

Sam Mortenson talk


https://drupal.slack.com/archives/C1DD80ZKM/p1550697032017600


https://drupal.tv/external-video/2018-02-06/how-write-insecure-drupal-8-code



Guardr core

Guests

Benji Fisher - tag1consulting.com @benji17fisher
Mark Shropshire - shrop.dev @shrop
Hosts

Nic Laflin - www.nLighteneddevelopment.com @nicxvan
John Picozzi - www.epam.com @johnpicozzi
Jordan Graham - @jordanlgraham
MOTW Correspondent

Martin Anderson-Clutz - @mandclu
CrowdSec
Integrates your Drupal site with the open source CrowdSec
Security Engine, a collaborative malicious activity detection and
remediation tool.