project a secure web 2...started on september 9, 2001 by mark curphey, it is an online community...
![Page 1: Project a Secure Web 2...Started on September 9, 2001 by Mark Curphey, it is an online community dedicated to Web Application Security. OWASP works for creating freely-available materials](https://reader034.vdocument.in/reader034/viewer/2022043021/5f3d0237faa4764dff276759/html5/thumbnails/1.jpg)
Project a Secure Web 2.0 (using Drupal)
Paolo Ottolino PMP CISSP-ISSAP CISA CISM OPST ITIL paolo.ottolino (at) isc2chapter-italy.it
May XX, 2016
Agenda
Web 2.0 & CMS
Drupal Security
CMS Cyber Risk
Agenda
Web 2.0 & CMS
Needs, Functionalities, Selection
Web 2.0: Insecure by Design?
Web 2.0 & CMS: Logical Architecture
CMS Solution: Top 3 used products
Most wanted CMS Functionalities…
UK and EU Org & Biz use Drupal…
… but also US makes strong use of Drupal!
Full CMS Functionalities
Agenda
CMS Cyber Risk
Threats, Vulnerabilities, Countermeasures
CMS Threats: Security Hacking
CMS Vulnerabilities: Open Web Application Security Project
CMS Vulnerabilities: OWASP Top 10
CMS Risks: Risk-Threat-Vulnerability Map
CMS Risks: DevOps Security Strategy
CMS Risks: DevOps Security Strategy
Agenda
Drupal Security
Security DevOps, Keeping Secure, Drupal 8
Drupal Security DevOps Strategy
Keeping Secure: CMS Patch Comparison
Keeping Secure: Drupal actors (1/2)
Keeping Secure: Drupal process (2/2)
Keeping Secure: Drupal process (2/2)
Drupal 8: Cover the Lacking Functionalities…
Drupal 8: Welcome Easiness!
Thank you
Paolo Ottolino PMP CISSP-ISSAP CISA CISM OPST ITIL paolo.ottolino (at) isc2chapter-italy.it