Talking Drupal #396 - Drupal Security

Today we are talking about Drupal Security with Mark Shropshire & Benji Fisher. For show notes visit: www.talkingDrupal.com/396 Topics Why do you care about security Best tips for securing Drupal Common Security Issues people have with Drupal Convincing module maintainers to do full releases Testing to ensure security Guardr Drupal security distribution What does the Drupal Security team do Finding issues Review compromised sites Becoming a member Process for writing security notices Helping the security team Resources How to Join the Drupal Security Team How to get involved Passwords: xkcd Spaceballs Discussed at this BadCamp talk - Sleep Better at Night with a Secure Drupal Site OWASP OWASP Zap baseline Benji’s talk introducing the OWASP Top Ten Current Other versions Source code (markdown) Github repo building and testing guardr Sam Mortenson talk https://drupal.slack.com/archives/C1DD80ZKM/p1550697032017600 https://drupal.tv/external-video/2018-02-06/how-write-insecure-drupal-8-code Guardr core Guests Benji Fisher - tag1consulting.com @benji17fisher Mark Shropshire - shrop.dev @shrop Hosts Nic Laflin - www.nLighteneddevelopment.com @nicxvan John Picozzi - www.epam.com @johnpicozzi Jordan Graham - @jordanlgraham MOTW Correspondent Martin Anderson-Clutz - @mandclu CrowdSec Integrates your Drupal site with the open source CrowdSec Security Engine, a collaborative malicious activity detection and remediation tool.