Today we are talking about Drupal Security with Mark Shropshire & Benji Fisher.

For show notes visit: www.talkingDrupal.com/396

Topics

• Why do you care about security
• Best tips for securing Drupal
• Common Security Issues people have with Drupal
• Convincing module maintainers to do full releases
• Testing to ensure security
• Guardr Drupal security distribution
• What does the Drupal Security team do
• Finding issues
• Review compromised sites
• Becoming a member
• Process for writing security notices
• Helping the security team

Resources

• How to Join the Drupal Security Team
• How to get involved
• Passwords:
  • xkcd
  • Spaceballs
• Discussed at this BadCamp talk - Sleep Better at Night with a Secure Drupal Site
• OWASP
• OWASP Zap baseline
• Benji’s talk introducing the OWASP Top Ten
  • Current
  • Other versions
  • Source code (markdown)
• Github repo building and testing guardr
• Sam Mortenson talk
  • https://drupal.slack.com/archives/C1DD80ZKM/p1550697032017600
  • https://drupal.tv/external-video/2018-02-06/how-write-insecure-drupal-8-code
• Guardr core

Guests

Benji Fisher - tag1consulting.com @benji17fisher Mark Shropshire - shrop.dev @shrop

Hosts

Nic Laflin - www.nLighteneddevelopment.com @nicxvan John Picozzi - www.epam.com @johnpicozzi Jordan Graham - @jordanlgraham

MOTW Correspondent

Martin Anderson-Clutz - @mandclu CrowdSec Integrates your Drupal site with the open source CrowdSec Security Engine, a collaborative malicious activity detection and remediation tool.