April 24, 2023
Listen:
Watch:
Topics:
- Why do you care about security
- Best tips for securing Drupal
- Common Security Issues people have with Drupal
- Convincing module maintainers to do full releases
- Testing to ensure security
- Guardr Drupal security distribution
- What does the Drupal Security team do
- Finding issues
- Review compromised sites
- Becoming a member
- Process for writing security notices
- Helping the security team
Resources:
- How to Join the Drupal Security Team
- How to get involved
- Passwords:
- Discussed at this BadCamp talk - Sleep Better at Night with a Secure Drupal Site
- OWASP
- OWASP Zap baseline
- Benji’s talk introducing the OWASP Top Ten
- Github repo building and testing guardr
- Sam Mortenson talk
- Guardr core
Module of the Week:
Integrates your Drupal site with the open source CrowdSec Security Engine, a collaborative malicious activity detection and remediation tool.