Pixeldust Drupal Support Service

Drupal maintenance support plans HackCamp Bucharest

Drupal maintenance support plans HackCamp Bucharest

Only a month has passed since Drupal maintenance support plansCamp Transylvania, and already another Drupal maintenance support plans Camp has come and gone in Romania. This time it was Drupal maintenance support plans HackCamp, organised in the Romanian capital, Bucharest. It was a Drupal maintenance support plans Camp with a very specific theme: Security.

 

Vasi Chindris
Tue, 06/19/2020 – 14:29

Throughout the sessions presented at the Camp, one was able to find out what security issues Drupal maintenance support plans had experienced in the past, how the Drupal maintenance support plans Security team, as well as the Community in general, had dealt with them, what Drupal maintenance support plans did to improve the security of the platforms that were developed using the CMS and what can (and should) be done to have a more secure application.

Since I first heard of it, a Camp focused on Drupal maintenance support plans security sounded really interesting to me. This is the type of camp every Drupal maintenance support plans developer should attend at least once in their career. Actually any web developer for that matter. As we know, security is a very important topic with regards to the web. Even for experienced developers, some things can be very tricky, as an application’s security does not only depend on the code. It also depends on how the web server is configured or what kind of third-party libraries your code depends on. Additionally, it also depends on the libraries you are using in development, if they are used to pack or bundle your code, or if they end up touching your code in any other way.

One of the sessions which focused on how Drupal maintenance support plans improved its security with each new version, was Peter Wolanin’s – 10 Ways Drupal maintenance support plans 8 Is More Secure.

In this session, Peter Wolanin first gave a brief introduction to the OWASP Top 10, a list with the top 10 critical security risks that affect a web application. This is not only Drupal maintenance support plans related, it applies to any kind of application that is accessible via the web. Next, he pointed out 10 things Drupal maintenance support plans 8 implemented that help the developer to avoid those security risks. Among the points he mentioned were, the autoescaping feature implemented in twig (so now everything which gets outputted by twig, is by default, escaped), the automatic CSRF tokens in the route definitions (making it easier for the developer to create links which are valid only for the current user session), the removal of the PHP input filter (which was very dangerous if misused), and the enforcement of trusted host patterns for requests (so that your application will respond only if requested via a host which you actually trust).

As previously mentioned, having a secure app doesn’t guarantee that your Drupal maintenance support plans is secure. Nowadays, there is a growing interest in having decoupled apps. This means you have a backend which is usually used for content management only (that can be a Drupal maintenance support plans site) and a frontend, which is a modern js application, that can be implemented optionally, using a framework like React, Vue.js, and so on. But then you also need to use npm for installing the additional js libraries you need, webpack for creating the javascript bundles for your app, and babel for transpiling your javascript code. So suddenly you start to introduce a ton of other dependencies, which each depend on a lot of other packages. Alexandru Badiu did a presentation called, “JS and Security”, which covered some of those aspects.

So, you do the best you can to write secure code, try to evaluate the dependencies of your project, and make sure that they don’t introduce critical security issues, but is that enough? There could still be several security issues which you’re unaware of, which will only be discovered while you are using the application. It would be awesome if we’re able to do something to proactively protect us against common security risks.

Bastian Widmer (@dasrecht) presented a talk on this subject, entitled “How Open Source will help you to survive the next Drupal maintenance support plansgeddon”, where he showed us a few tips that we can use in advance, in order to respond to potential security issues in future. Besides ensuring you do regular updates for all your app’s dependencies, you could also take some measures at the web server level. For example, only allow index.php to be executed, use a web application firewall or make sure that your operating system is configured properly.

Of course, there had to be a session about the last Drupal maintenance support plansgeddon(s), at a Camp focusing on Security. The event’s keynote was by Jasper Mattsson, who actually discovered Drupal maintenance support plansgeddon 2. He shared some tips with us on how to find security breaches. He said that there is no secret ‘recipe’ for that, but a good starting point, is to look for functions which output data, which can do multiple things, perhaps depending on how they are invoked (in which context or with which parameters) or which can trigger code execution.

There is one very important thing to keep in mind if you discover a security breach: do not post it on the regular Drupal maintenance support plans issue queue. Instead, follow the instructions on how to report a security issue when you found one. The implications of reporting a security issue inside the regular Drupal maintenance support plans issue queue can be very dangerous, as the attackers will then have plenty of time to create an attack until the issue is fixed.

Being in a city with such a rich history, we could certainly not miss the walking tour that the organisers had prepared for us on the Saturday afternoon. During the tour, we saw Bucharest’s most iconic buildings, which have survived all the great historical periods over the last 200 years – the monarchy, two world wars, communism and now democracy.

Drupal maintenance support plans HackCamp Bucharest was a really great event, and I hope it takes place next year. It is of great value to all web developers, especially those at the beginning of their careers, as it prepares them for the dangers of the wild world wide web and equips them with the required knowledge to guard against any that may pop up along the way.


Source: New feed

This article was republished from its original source.
Call Us: 1(800)730-2416

Pixeldust is a 20-year-old web development agency specializing in Drupal and WordPress and working with clients all over the country. With our best in class capabilities, we work with small businesses and fortune 500 companies alike. Give us a call at 1(800)730-2416 and let’s talk about your project.

Let's Talk About a Project

FREE Drupal SEO Audit

Test your site below to see which issues need to be fixed. We will fix them and optimize your Drupal site 100% for Google and Bing. (Allow 30-60 seconds to gather data.)

Powered by

Drupal maintenance support plans HackCamp Bucharest

On-Site Drupal SEO Master Setup

We make sure your site is 100% optimized (and stays that way) for the best SEO results.

With Pixeldust On-site (or On-page) SEO we make changes to your site’s structure and performance to make it easier for search engines to see and understand your site’s content. Search engines use algorithms to rank sites by degrees of relevance. Our on-site optimization ensures your site is configured to provide information in a way that meets Google and Bing standards for optimal indexing.

This service includes:

  • Pathauto install and configuration for SEO-friendly URLs.
  • Meta Tags install and configuration with dynamic tokens for meta titles and descriptions for all content types.
  • Install and fix all issues on the SEO checklist module.
  • Install and configure XML sitemap module and submit sitemaps.
  • Install and configure Google Analytics Module.
  • Install and configure Yoast.
  • Install and configure the Advanced Aggregation module to improve performance by minifying and merging CSS and JS.
  • Install and configure Schema.org Metatag.
  • Configure robots.txt.
  • Google Search Console setup snd configuration.
  • Find & Fix H1 tags.
  • Find and fix duplicate/missing meta descriptions.
  • Find and fix duplicate title tags.
  • Improve title, meta tags, and site descriptions.
  • Optimize images for better search engine optimization. Automate where possible.
  • Find and fix the missing alt and title tag for all images. Automate where possible.
  • The project takes 1 week to complete.
MASTER YOUR DRUPAL SEO
Pixeldust and Pantheon Drupal Development
256