Drupal Security: What You Need to Know
by Ben Jeavons
Software security issues affect organizations of all sizes. Along with the possible theft of private data, incidents can harm customer confidence and cause loss of business. While security breaches at companies like Target make headlines, according to the Verizon Data Breach Investigation Study, 71 percent of all data breaches actually occur in businesses with fewer than 100 employees! It’s important to take security risks seriously and build secure practices into all parts of your software development processes.
While Drupal is secure, sites can be built, configured, and deployed incorrectly, opening up security risks such as cross-site scripting, SQL injection, and more. Adhering to these basic tenets during Drupal site build and ongoing maintenance is advised for achieving a strong security posture:
- Don’t trust user input - Review permissions and roles and apply the principle of least privilege
- Stay up-to-date - Follow and apply security updates for Drupal, server, packages, etc.
- Use defense in depth - Have strong passwords, save logs and backups, among other actions
Watch our recent Drupal security webinar to learn about these three ideas as well as:
- How to evaluate user permissions and trust in the context of site security
- Common security risks on the web
- Tips and good processes for staying up-to-date
- How to limit security exposure
Security is a process, not something you can set and forget. For you and your development team, we are offering a full-day security training at DrupalCon Austin covering web security risks in depth and culminating in a hands-on attack of a Drupal site. Past attendees have overwhelmingly said they would recommend this course to their peers!
Register to attend at https://austin2014.drupal.org/training/security-process-code-hands-training.