Drupal Security Presentation Resources

This articles features links and information from the Peerless design Security presentation from various Drupal Camps in the Eastern US. Audio from New Jersey's impromptu presentation can be found on the Drupal Camp NJ site for 2014. The PDF version contains all info removed to accommodate time constraints. The entire presentation is available in a white paper available here.

Presentation Files

Bmore Camp logo

 

Baltimore Drupal Camp 2014 Presentation

 

Drupaldelphia logo

 

Drupaldelphia Sept 2014 Presentation

 

 

For a copy of the presentation download the pdf or please contact me for other formats.

OWASP NIST Drupal

OWASP

OWASP Top 10(pdf)

NIST Cybersecurity Framework Website

NIST Cybersecurity Framework Current Version(pdf)

FISMA & NIST

Drupal Security Advisories

Drupal Secured Distribution

Drupal & OWASP

Vulnerability Drupal Modules
A1 - Injection Drupal Core, Security Review
A2 - Broken Authentication and Session Management Automated Logout, Session Limit, Username Enumeration Prevention, Secure Login, Password Policy, Login Security
A3 – Cross-Site Scripting (XSS): Input Filters(core), Security Kit, Content Security Policy, HTML Purifier
A4 – Insecure Direct Object References Drupal's rich permissions and access control system prevent unauthorized requests.
A5 – Security Misconfiguration: Security Review, Automated Logout, Session Limit, Username Enumeration Prevention Secure Login, Password Policy Login Security
A6 - Sensitive Data Exposure Automated Logout, Session Limit, Username Enumeration Prevention Secure Login, Password Policy, Login Security
A7 – Missing Function Level Access Control Drupal has an easy to use and manage, very granular user management system making it easy for site managers to set up and maintain
A8 - Cross-Site Request Forgery (CSRF) Security Kit, Content Security Policy, HTML Purifier
A9 - Using Components with Known Vulnerabilities Be sure to update your libraries. Server and Drupal
A10 – Unvalidated Redirects and Forwards Internal page redirects cannot be used to circumvent Drupal's integrated menu and access control system.

 

What our clients are saying

...your punctuality, your casual and open personalities, and both your hard copy and online portfolios speak very highly of you and your business as well
I love directing our customers to our new site knowing that they are going to be able to find exactly what they are looking for...
...very responsive to our questions and needs
A great experience and a much improved website.
...took my less than mediocre site and completely revamped it into a beautiful, professional, and easy-to-navigate site
...we just want you to know that we are appreciative!
I'm so happy we chose to work with PEERLESS Design.
...dedicated, competent and driven to get the job done and done well.
... they also made suggestions which showed me that they fully understood what I wanted to accomplish.
I have seen the first layouts and they are awesome...
...I have no doubt we will have the best site in the 2010 election of any PA candidate
... incredibly impressed with what you brought to the table
I had a very tight deadline and budget, and they met it, seemingly with ease.
...a pleasure to work with, combining patience (for my busy schedule and at times overwhelmed brain) with her strong motivation and energy to keep me going
...continued to monitor it closely and is still always available to help me if I have any questions
Thanks so much for everything!
I realized that I had picked the right company to work with soon after beginning a project with Peerless Design, Inc.
...creative, independent, responsive...
...can do anything any other designer can do and generally quicker, cheaper and better.
...able to translate technical information in an accessible way...
I would highly recommend her for any position requiring IT design and development
...able to take my abstract ideas and add their expertise to bring them to life in a way that was better than I could have imagined!
" PDI provides us prompt, effective and efficient service in maintaining our Drupal based website."
...provided us with excellent, expert service in a professional and personable manner.
I would highly recommend her for any position requiring IT design and development