Is Drupal Secure? Drupalgeddon and Our Approach to Security at Exaltation of Larks

Is Drupal secure software? You may have heard about the significant security announcement nicknamed “Drupalgeddon” and are wondering where Drupal fits in today’s fast-changing world of internet threats, enterprise software and risk management.

We stand by Drupal’s security record and recommend it for a variety of business cases. To put our money where our mouth is, our cofounder and chief tin-foil-hat fashionista, Christefano Reyes, is presenting Better Sleep Through Web Security this Thursday, November 20th, at the San Gabriel Valley Drupal Meetup.

Thanks to the Greater Los Angeles Drupal user group and its sponsors, this meetup is hosted on the beautiful Fuller Theological Seminary campus in Pasadena, California, and also has a video conference for those who can attend only by video conference or phone.

   Date and time: November 20, 2014 at 6pm Pacific Time
   Location: Fuller Theological Seminary, 135 N Oakland Ave, Pasadena, CA 91101 (Building “Glasser 110”)
   Video conference: https://glad.zoom.us/j/129319220
   Phone: +1 415-762-9988 or +1 646-568-7788
   Meeting ID: 129 319 220

Better Sleep Through Web Security

Christefano Reyes presents Better Sleep Through Web Security, an in-depth overview of web security, what to do if your website is hacked, and how to sleep better by following basic web security best practices.

The “Drupalgeddon” vulnerability has been covered in mainstream news including Forbes, the BBC and The Register, and has brought web security, frequently an overlooked part of web development, back to center stage.

This particular vulnerability, officially known as SA-CORE-2014-005, allows attackers with specialized knowledge to send requests to any unprotected Drupal website that result in arbitrary SQL execution, which in turn may lead to privilege escalation, arbitrary PHP execution and total server control.

Topics that will be covered in this presentation include:

  • Security vs. Privacy
  • Common Attack Vectors
  • Drupal’s security record and the Drupal Security Team
  • SA-CORE-2014-005 (also known as “Drupalgeddon”)
  • I’ve Been Hacked! Now What?
  • Best Practices for Helping Others and Yourself
  • Resources
  • Questions / Answers

Christefano is one of the founders of Exaltation of Larks, a Drupal design and engineering firm with a worldwide team of Drupal experts; and Droplabs, an open source-friendly coworking space and business incubator near Downtown Los Angeles. As an advocate of open source software and self-declared meetup junky, he helps organize meetups and conferences all over the Greater Los Angeles Area, including the Los Angeles Chess meetup and LA Geek Dinners.

If you haven’t heard of Drupalgeddon or don’t know if your Drupal sites have been updated since the announcement, please stop reading and see the SA-CORE-2014-005 FAQ immediately. You can contact us for any questions related to Drupal maintenance and support, including security services, at 888-527-5752 and via our Contact form.
