Drupal Security: What You Need to Know

Software security issues affect organizations of all sizes. Beyond the possible theft of private data, incidents can damage customer confidence and cause loss of business. While security breaches at companies like Target make headlines, according to the Verizon Data Breach Investigation Study, 71 percent of all data breaches actually occur in businesses with fewer than 100 employees! It’s important to take security risks seriously and build secure practices into every part of your software development process.

While Drupal itself is secure, sites can be built, configured, and deployed incorrectly, opening up security risks such as cross-site scripting, SQL injection, and more. Adhering to these basic tenets during a Drupal site build and in ongoing maintenance is advised for achieving a strong security posture:

  1. Don’t trust user input - Review permissions and roles and apply the principle of least privilege
  2. Stay up-to-date - Follow and apply security updates for Drupal, server, packages etc.
  3. Use defense in depth - Have strong passwords, save logs and backups, among other actions
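As an added illustration of the first tenet (not code from the original post or from the Drupal project), the following plain-PHP script shows the two site-build mistakes the post names, SQL injection and cross-site scripting, beside their hardened forms. It uses PDO with an in-memory SQLite database and htmlspecialchars() so it runs without a Drupal install; the comments note the Drupal 7 API equivalents (db_query() placeholders, check_plain()). The table, rows and sample inputs are constructed for the example.

```php
<?php
// Added example, not from the original post: "don't trust user input" applied to
// database lookups and HTML output. Plain PHP + PDO/SQLite stand in for Drupal's
// database layer; Drupal 7 equivalents are noted inline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed sample table and rows.
$db->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, mail TEXT)");
$db->exec("INSERT INTO users (name, mail) VALUES ('alice', 'alice@example.com'), ('o''brien', 'ob@example.com')");

// Constructed sample inputs: an ordinary name, a name containing a quote, and a
// value containing markup. All three are things a real visitor could type.
$inputs = array('alice', "o'brien", '<b>alice</b>');

// WRONG: interpolating the raw value into the SQL string. Any quote in the input
// changes the structure of the statement (with this input it is a syntax error;
// with other input it would change what the query does).
function lookup_unsafe(PDO $db, $name) {
  return $db->query("SELECT mail FROM users WHERE name = '$name'")->fetchColumn();
}

// RIGHT: bind the value as a parameter so the database never parses it as SQL.
// Drupal 7 equivalent:
//   db_query('SELECT mail FROM {users} WHERE name = :name',
//            array(':name' => $name))->fetchField();
function lookup_safe(PDO $db, $name) {
  $stmt = $db->prepare('SELECT mail FROM users WHERE name = :name');
  $stmt->execute(array(':name' => $name));
  return $stmt->fetchColumn();
}

// Output side: escape user-supplied text before placing it in HTML so markup in
// the input is displayed literally rather than rendered (XSS prevention).
// Drupal 7 equivalent: check_plain($name), or filter_xss() if some tags are allowed.
function render_safe($name) {
  return '<li>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</li>';
}

foreach ($inputs as $name) {
  try {
    $unsafe = var_export(lookup_unsafe($db, $name), true);
  } catch (PDOException $e) {
    $unsafe = 'ERROR (' . $e->getMessage() . ')';
  }
  $safe = var_export(lookup_safe($db, $name), true);
  printf("%-14s unsafe=%s safe=%s html=%s\n", $name, $unsafe, $safe, render_safe($name));
}
```

Run it with the PHP CLI (the pdo_sqlite extension must be enabled). The quoted name breaks the concatenated query but is looked up correctly by the parameterised one, and the marked-up input comes out of render_safe() as inert text; the same contract, "the database and the browser only ever see user data as data", is what Drupal's db_query() placeholders and check_plain() give you on a real site.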

Watch our recent Drupal security webinar to learn about these three ideas as well as:

  • How to evaluate user permissions and trust in the context of site security
  • Common security risks on the web
  • Tips and good processes for staying up-to-date
  • How to limit security exposure

Security is a process, not something you can set and forget. For you and your development team we are offering a full-day security training at DrupalCon Austin covering web security risks in depth and culminating in a hands-on attack of a Drupal site. Past attendees have overwhelmingly said they would recommend this course to their peers!

Register to attend at https://austin2014.drupal.org/training/security-process-code-hands-training.
