Greg Knaddison on Security Audits with Drupal Scout
Greg Knaddison is a long-time member of the Drupal Security Team and author of the Cracking Drupal book, and he talks about a new company called Drupal Scout that provides a variety of different security audits. Since a lot of the security vulnerabilities come from custom code and site configuration, Drupal Scout offers an automated service where you provide a sanitized version of your site and they'll try to hack into it and expose any potential vulnerabilities. They also provide custom code reviews as well as enterprise-level services where they'll set up their automated system on your own infrastructure if providing a database dump of your site is not an option. Knaddison discusses some best practices for Drupal security, and what to look out for when writing Drupal modules in order to help make them secure. For more information, be sure to check out Knaddison's DrupalCon Chicago presentation on "Drupal Security for Coders."