lightning talk: security matters @ploneconf 2014
DESCRIPTION
A short lightning talk on some ideas for security on Plone that I gave during PloneConf 2014
TRANSCRIPT
Security Matters: Alexander Loechel on plone.app.vulnerabilities
plone.vulnerabilitychecks.* plone.hud
PLONE CONFERENCE BRISTOL 2014
Studies on Security
• Security Study on Content Management Systems published by the German Federal Office for Information Security May 2013
• Take at least 15 min / day / system - Look for updates - Apply Patches
Drupal Security Team
"You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before …after the announcement."
plone.app.vulnerabilities
http://plone.org/hotfixes
plone.hud / plone.app.hud
Supply Information
• Check for vulnerabilities on Plone installs:
• plone.vulnerabilitychecks.instance_startup —> disable or warn on startup
• plone.vulnerabilitychecks.buildout —> warn or stop buildout
• plone.vulnerabilitychecks.tests —> For CI Tests
• plone.vulnerabilitychecks.controlpanel —> Version Information View
• buildout.autoapplyplonehotfixes
• —> github.com/loechel/
• dependencies:
• plone.vulnerabilitychecks.core —> JSON <— plone.app.vulnerabilities
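
A sketch of the check these packages describe: compare an install against a JSON hotfix feed, then warn or stop. This is an added example, not code from the talk or from the plone.vulnerabilitychecks packages; the feed schema, the function names and the hotfix package names are assumptions constructed for illustration.

```python
import json

# Constructed sample feed. The talk does not show the real JSON schema that
# plone.app.vulnerabilities publishes, so these field names are assumptions.
SAMPLE_FEED = json.dumps({"hotfixes": [
    {"package": "Products.PloneHotfixEXAMPLE1", "affected": ["4.3", "4.3.1", "4.3.2"]},
    {"package": "Products.PloneHotfixEXAMPLE2", "affected": ["4.2.5", "4.3.2"]},
]})


def missing_hotfixes(feed_json, plone_version, installed):
    """Return hotfixes that apply to plone_version and are not installed."""
    feed = json.loads(feed_json)  # JSONDecodeError is a ValueError
    if not isinstance(feed, dict) or not isinstance(feed.get("hotfixes"), list):
        # An unreadable feed must not be mistaken for "nothing to patch".
        raise ValueError("vulnerability feed has no 'hotfixes' list")
    have = {name.lower() for name in installed}
    return sorted(
        h["package"] for h in feed["hotfixes"]
        if plone_version in h["affected"] and h["package"].lower() not in have
    )


def check(feed_json, plone_version, installed, mode="warn"):
    """Map the result to the slide's actions: 'warn', or 'stop' the
    instance start / buildout run. Returns (action, missing_hotfixes)."""
    if mode not in ("warn", "stop"):
        raise ValueError("mode must be 'warn' or 'stop'")
    missing = missing_hotfixes(feed_json, plone_version, installed)
    return ("ok" if not missing else mode, missing)


if __name__ == "__main__":
    # Hypothetical install: Plone 4.3.2 with one of the two hotfixes applied.
    action, missing = check(
        SAMPLE_FEED, "4.3.2", ["Products.PloneHotfixEXAMPLE1"], mode="stop"
    )
    print(action, missing)
```

A CI test in the style of plone.vulnerabilitychecks.tests would assert that the returned list is empty.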
Future Work
• Sprinting on that
• Include up-to-date plone.app.vulnerabilities in plone.org and keep information up-to-date
• Maybe a PLIP to include those packages in the installers as a commented-out option with documentation
• Make people more aware of Plone Security