Drupal Security:
What You Need to Know
March 25, 2021
The Open Source Expansion Partner

Our Vision
Our vision is to empower every person on the planet with the innovative freedom and community impact that open-source technology offers.

Today’s Team
Mark Shropshire, Senior Director of Development
Bobby Gryzynger, Senior Developer

Bobby Gryzynger
Senior Developer
/in/bobby-gryzynger
● From Madison, Wisconsin. Currently in northern NJ
● 5+ years of experience as a Drupal developer
● Enjoys contributing to Drupal development. Has committed work in several contributed modules as well as Drupal core
● Breakfast chef. French toast? Pancakes? I’m your man
Skills
● Drupal
● Security
● DevOps
● Project Leadership
● Drupal best practices
Mark Shropshire
Senior Director of Development
/in/markshropshire
@shrop
● From Concord, North Carolina
● 20+ years of experience as a technical team leader
● Loves empowering teams to excel while using best-of-class open source technology solutions
● Passionate about personal and team growth through mentorship, aligning individual purpose with Mediacurrent’s vision
● Plays sax, drums, keys, and bass and has a list of other instruments that he would love to learn!
Skills
● Drupal
● Security
● DevOps
● Flutter
● Acquia Site Factory
● Leadership
Today’s Agenda
1. What’s Security-First?
2. Security and The Drupal Community
3. OWASP Top 10 Web Vulnerabilities
4. Drupal Best Practices
5. Q&A
What’s Security-First?
Security-First means going beyond compliance to assess risk. It’s both a cultural mindset and a continuous development approach that’s rooted in process automation.

Security-First Planning
● Proactive and collaborative approach with stakeholders
● Layered defense
● Architecture reviews
● Code reviews
● Automated testing
● Continuous improvements
● Security audits (one-offs and ongoing)
● Documentation
Security and The Drupal Community

Drupal Security Team
● Resolves reported security issues in Security Advisories
● Provides assistance for contributed module maintainers in resolving security issues
● Provides documentation on how to write secure code
● Provides documentation on securing your site
● Helps the infrastructure team keep drupal.org secure
● https://www.drupal.org/security-team
Guardr is a Drupal distribution with a combination of modules and settings to enhance a Drupal application's security and availability to meet enterprise security requirements.
Guardr incorporates industry best practices from security standards, regulatory controls, and security certifications.
https://drupal.org/project/guardr
Drupal Slack: #contrib-guardr
OWASP Top 10 Web Vulnerabilities

Top 10 Web Application Security Risks
1. Injection
2. Broken Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging & Monitoring
https://owasp.org/www-project-top-ten
Drupal Best Practices

Module Selection
● Module Usage
● Issue Queue Activity
● Security
● Manual Review and Testing
● Release Status
● Commit Activity
● Project information
● Risk Assessment
● Benefit
A Guide to Drupal Module Evaluation
Module patches
● Sometimes, patches are necessary
● Always submit patches to Drupal.org
● Submitting patches allows:
○ Automated testing
○ Maintainer review
● Patches create:
○ Revision history
○ An opportunity for community input
Use Drupal APIs
Use Drupal APIs to secure your contrib and custom code.
https://api.drupal.org/api/drupal
Writing secure code for Drupal
t()
// Uh, oh: $my_var = "<script>alert('Attack!')</script>";
Not this:
$variables['title'] = "Here's a title: " . $my_var;
Instead, this:
// The @title placeholder is passed through Html::escape() before substitution,
// so the script tags reach the template as harmless text.
$variables['title'] = t("Here's a title: @title", ['@title' => $my_var]);
Also see \Drupal::translation()->formatPlural()
Xss::filter() and Html::escape()
use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;

// Uh, oh: $my_var = "<script>alert('Attack!')</script>";
// Oh, no: $my_other_var = "<div>some unexpected HTML</div>";
Not this:
$variables['title'] = '<p>' . $my_var . '</p>';
$variables['body'] = $node->get('body')->value . $my_other_var;
Instead, this:
// Xss::filter() strips <script> (and any other tag outside its short allow-list).
$variables['title'] = Xss::filter($my_var);
// Html::escape() turns every tag into entities, so the <div> is displayed as text.
// Note that ->value is the raw stored body; render it through its text format
// (for example ->processed) rather than concatenating it as a string.
$variables['body'] = $node->get('body')->value . Html::escape($my_other_var);
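The two slides above show the escaping calls one at a time. The following is an added example, not code from the deck, that puts t() placeholders, Xss::filter() and Html::escape() together in a node preprocess hook. The module name mymodule, the hook, the input strings and the variable names are all constructed for the illustration; it also covers the three placeholder prefixes (@, %, :) and the #plain_text render key, which the slides do not mention.

```php
<?php

/**
 * @file
 * Added example (not from the slides): escaping untrusted strings before
 * they reach a Drupal template. The module name "mymodule", the hook and
 * the sample inputs are constructed for the illustration.
 */

use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Xss;

/**
 * Implements hook_preprocess_HOOK() for node templates.
 */
function mymodule_preprocess_node(array &$variables) {
  // Constructed untrusted inputs, standing in for request or user data.
  $title_input = "<script>alert('Attack!')</script>";
  $link_input = 'javascript:alert(1)';
  $bio_input = '<p>Hello <strong>world</strong></p><img src=x onerror=alert(1)>';

  // 1. t() placeholders. Each prefix applies a different sanitizer:
  //    @var -> Html::escape()                         (plain text)
  //    %var -> escaped, then wrapped in <em class="placeholder">
  //    :var -> UrlHelper::stripDangerousProtocols() + escape (URL attributes)
  // Never build the first argument of t() from user data: it is the
  // translatable string, not a placeholder.
  $variables['title'] = t("Here's a title: @title", ['@title' => $title_input]);
  $variables['byline'] = t('Posted by %name', ['%name' => $title_input]);
  $variables['link'] = t('<a href=":url">Profile</a>', [':url' => $link_input]);
  // :url strips the javascript: scheme, so the anchor ends up as href="alert(1)".

  // 2. Xss::filter() keeps only a small allow-list of tags by default
  //    (a, em, strong, cite, blockquote, code, ul, ol, li, dl, dt, dd) and
  //    removes event-handler attributes. Here <p> is stripped (its text kept),
  //    <strong> survives, and the <img onerror=...> is removed entirely.
  $variables['bio'] = Xss::filter($bio_input);
  // Pass your own allow-list when the default does not fit the field.
  $variables['bio_with_paragraphs'] = Xss::filter($bio_input, ['p', 'strong']);

  // 3. Html::escape() converts < > & " ' to entities; use it when the value
  //    must be shown literally and no markup is wanted at all.
  $variables['raw_as_text'] = Html::escape($title_input);
  // Result: &lt;script&gt;alert(&#039;Attack!&#039;)&lt;/script&gt;

  // 4. In render arrays, prefer #plain_text over #markup for untrusted text:
  //    #markup is only run through Xss::filterAdmin(), which allows far more.
  $variables['content']['added_note'] = [
    '#plain_text' => $title_input,
  ];
}
```

The comments record what each call does to the constructed inputs; dumping $variables from the hook (or stepping through it in a debugger) shows the escaped values. The rule of thumb the block demonstrates: pick the sanitizer by where the value lands (text node, attribute, URL, or a field that legitimately carries markup), and never concatenate raw input into a string that is later treated as HTML.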
Monitor Drupal Security Advisories
● Drupal core
● Drupal contrib projects
● Public service announcements
● Notifications via email and RSS
● Follow @drupalsecurity on Twitter
● Drupal Slack #security-questions
● Read SA documentation
https://www.drupal.org/security
\Drupal::database()
// Uh, oh: $my_var = ", (SELECT * FROM private_data) as attack";
Not this:
\Drupal::database()->query('SELECT * FROM node_field_data ' . $my_var);
Instead, this:
// Better: the query builder binds $my_var as a value instead of splicing it into the SQL.
\Drupal::database()
  ->select('node_field_data', 'd')
  ->fields('d', [])
  ->condition('d.nid', $my_var)
  ->execute();
// Better yet: an entity query also applies node access checks.
\Drupal::entityTypeManager()->getStorage('node')
  ->getQuery()
  ->accessCheck(TRUE)
  ->condition('nid', $my_var)
  ->execute();
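Added example, not from the deck: the same three approaches as a small injected service, with placeholders added to the raw query() form (which the slide only shows in its unsafe shape) and accessCheck(TRUE) on the entity query. The class name NodeLookup, the mymodule namespace and the extra column filters are assumptions made for the illustration.

```php
<?php

/**
 * @file
 * Added example (not from the slides): three ways to pass an untrusted node
 * ID to the database without string concatenation. The class, namespace and
 * column filters are made up for the illustration.
 */

namespace Drupal\mymodule;

use Drupal\Core\Database\Connection;
use Drupal\Core\Entity\EntityTypeManagerInterface;

class NodeLookup {

  public function __construct(
    protected Connection $database,
    protected EntityTypeManagerInterface $entityTypeManager,
  ) {}

  /**
   * Raw SQL is acceptable when every value travels as a placeholder.
   *
   * Table names go in {braces} so the configured prefix is applied. The
   * value is bound, never concatenated, so an input such as
   * ", (SELECT * FROM private_data) as attack" is compared as a literal
   * string and the subquery is never parsed as SQL.
   */
  public function titleByRawQuery(string $nid): ?string {
    $sql = 'SELECT title FROM {node_field_data} WHERE nid = :nid AND default_langcode = 1';
    $title = $this->database->query($sql, [':nid' => $nid])->fetchField();
    return $title === FALSE ? NULL : $title;
  }

  /**
   * The query builder quotes identifiers and binds values for you.
   *
   * condition() accepts arrays, which becomes "nid IN (...)" with one
   * placeholder per element instead of an imploded string.
   */
  public function titlesBySelect(array $nids): array {
    if ($nids === []) {
      return [];
    }
    $query = $this->database->select('node_field_data', 'd')
      ->fields('d', ['nid', 'title'])
      ->condition('d.nid', $nids, 'IN')
      ->condition('d.default_langcode', 1);
    // Keyed by nid, value is the title.
    return $query->execute()->fetchAllKeyed();
  }

  /**
   * Entity queries add what plain SQL cannot: node access checks.
   *
   * accessCheck(TRUE) makes the query honour node grants, so the result
   * never contains IDs the current user may not view. Drupal 10 requires
   * the call to be explicit.
   */
  public function visibleNids(array $nids): array {
    if ($nids === []) {
      return [];
    }
    return $this->entityTypeManager->getStorage('node')
      ->getQuery()
      ->accessCheck(TRUE)
      ->condition('nid', $nids, 'IN')
      ->condition('status', 1)
      ->execute();
  }

}
```

The empty-array guards matter: an IN condition with no values is a query error, and callers frequently pass through whatever a request contained. Register the class as a service with the database and entity_type.manager arguments to use it from a controller or form.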
Controllers
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

Not this:
public function myControllerBuild($nid) {
  // ...
  $node = $this->entityTypeManager()
    ->getStorage('node')->load($nid);
  // ...
  // Renders whatever node was loaded, with no access check at all.
  $build['node'] = $this->entityTypeManager()
    ->getViewBuilder('node')->view($node);
  return $build;
}
Instead, this:
public function myControllerBuild($nid) {
  $build = [];
  // ...
  $node = $this->entityTypeManager()
    ->getStorage('node')->load($nid);
  if (!$node) {
    throw new NotFoundHttpException();
  }
  // ...
  // access() returns FALSE unless the account may view this node.
  if ($node->access('view', $this->currentUser())) {
    $build['node'] = $this->entityTypeManager()
      ->getViewBuilder('node')->view($node);
  }
  return $build;
}
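Added example, not from the deck: a complete controller that gets the view-access check from the route (parameter upcasting plus an _entity_access requirement) and a second method that accepts a raw ID and fails closed with a 404 or 403. The module name mymodule, the route name, the class name and the view mode are illustrative.

```php
<?php

/**
 * @file
 * Added example (not from the slides): a node display controller that
 * enforces view access, once through the route definition and once in
 * code. Module, route and class names are illustrative.
 */

namespace Drupal\mymodule\Controller;

use Drupal\Core\Controller\ControllerBase;
use Drupal\node\NodeInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

/**
 * Pairs with this routing entry (mymodule.routing.yml, illustrative):
 *
 * mymodule.node_preview:
 *   path: '/mymodule/preview/{node}'
 *   defaults:
 *     _controller: '\Drupal\mymodule\Controller\NodePreviewController::build'
 *   requirements:
 *     _entity_access: 'node.view'
 *   options:
 *     parameters:
 *       node:
 *         type: 'entity:node'
 *
 * With "type: entity:node" the router loads the node (404 when it does not
 * exist) and "_entity_access: node.view" runs the same check as
 * $node->access('view') before the controller method is called.
 */
class NodePreviewController extends ControllerBase {

  /**
   * Preferred: let the route upcast the parameter and check access.
   */
  public function build(NodeInterface $node): array {
    return $this->entityTypeManager()
      ->getViewBuilder('node')
      ->view($node, 'teaser');
  }

  /**
   * When a plain ID must be accepted (a legacy path, for example), load it
   * yourself and fail closed: a missing node is a 404, a forbidden one a 403.
   */
  public function buildById(string $nid): array {
    $node = $this->entityTypeManager()->getStorage('node')->load($nid);
    if (!$node instanceof NodeInterface) {
      throw new NotFoundHttpException();
    }
    // access() defaults to the current user; pass an account to check another.
    if (!$node->access('view', $this->currentUser())) {
      throw new AccessDeniedHttpException();
    }
    $build = $this->entityTypeManager()
      ->getViewBuilder('node')
      ->view($node, 'teaser');
    // Vary the render cache by the user's node grants so a cached copy is
    // never served to a user who would have failed the check above.
    $build['#cache']['contexts'][] = 'user.node_grants:view';
    return $build;
  }

}
```

Throwing the Symfony exceptions rather than returning an empty build is deliberate: an empty 200 response hides the problem from logs and monitoring, while 403/404 responses are what Drupal's own node routes return and are what access-denied dashboards expect to count.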
CMO’s Guide to Open Source Security
Secure your open source-based martech stack with this resource for best practices.
http://bit.ly/open-source-security
Download Now
Key Takeaways
Cultivate a security-first culture.
Educate yourself on security risks that can impact your organization.
Review and monitor Drupal security advisories.
Follow Drupal best practices.
Automate security processes.
Promptly update security releases.
Mediacurrent.com
@Mediacurrent
MediacurrentDrupal
Thank You!
