security

Is Drupal’s open source platform secure?

When deciding on the best CMS to meet your organization’s digital vision, security is often one of the top concerns. 

Here’s the reality. ALL software (closed source, open source, or custom-developed) has the potential for security vulnerabilities. Web security is a fast and ever-changing world. What passes today as secure code may not stay the same tomorrow when new vulnerabilities surface.

Happy Friday Everyone! On the eve of the Drupal Drive-in, happening tomorrow in Charlotte North Carolina, we welcome Mark Shropshire to the show to talk about his favorite topic, Drupal Security!

With cybercrime on the rise, securing data in Drupal has become a hot topic for developers and project stakeholders alike.

In our latest webinar, we were joined by three Drupal security experts from Townsend Security, Lockr and Mediacurrent who shared their approach for building a secure groundwork to protect site data in Drupal.

Top 4 Takeaways 

1. An introduction to  "security by design" and how businesses should be thinking about security.  

2. The right tools to conduct a site security audit. 

Although the most likely cause of the massive Equifax data breach was the firm’s own failure to patch a two-month-old bug, the inherent security of open source software has become a trending topic in tech news.

Mediacurrent’s resident expert, Open Source Security Lead Mark Shropshire, is well-informed to join the conversation. We asked him a few questions to get his take on recent events.
 

What is Guardr?

Guardr is a Drupal distribution with a combination of modules and settings to enhance a Drupal application's security and availability to meet enterprise security requirements. These security requirements have been added after a review and study of industry best practices from security standards, regulatory controls, and security certifications. These include but are not limited to:

Periodically, friends, colleagues, and clients ask me for recommendations on resources to keep up with the happenings in the security world. Even though I am focused on Drupal, I find it important to view security through a wide-angle lens.

While I have had the privilege of attending a number of DrupalCons and camps over the years, I cannot remember one with as many sessions and BOFs (birds of a feather) on the topic of security. In addition to the security talk on the program schedule, I had a great time chatting with individuals in the hallways and a few security focused companies in the exhibit hall. 

Recently while executing a routine task, one of our developers noticed something out of place and brought it to the attention of the team. A process began that lead us to discover something deeper and more sinister. The site were were working on had been compromised by hackers.