Security

Ensuring the security of your website is critical in our online world.

ASCS reported over 11,000 security incidents affecting Australian businesses in 2014, and this probably represents only a small proportion of incidents due to the stigma associated with a security lapse.

Don't underestimate the level of risk or potential economic harm that this can cause your business or institution.

---

Our packages

Our Drupal Site Security package takes this concern out of your hands so you can concentrate on running your business.

While you do that, we will be:

  • Monitoring the availability (uptime) of your website
  • Continuously monitoring all Drupal Core security updates released
  • Reviewing the regular Drupal contributed module and theme security updates
  • Assessing your site for forward compatibility of new browsers
  • Monitoring for any modules or themes that go out of support for any reason

This process will occur every January, April, July and October and is priced from $360/year + GST.

---

Our process

When a Drupal security update is released that applies to your website, we will:

  • Create or refresh a test environment for you
  • Apply appropriate security updates to your test environment
  • Internally QA the updates ourselves for obvious issues
  • Advise you of the updates and provide 14 days for you to test
  • Apply the updates to your production site once approved or after 14 days

Drupal Site Security Workflow

We will also keep you regularly informed of any enhancements we feel your site requires due to new operating systems, new browser releases, unsupported modules, API changes, etc. Any recommended site enhancements will be quoted and require approval prior to implementation.

---

Critical updates

While extremely rare, any critical updates, like Drupalgeddon (15 October, 2014), will deviate from this workflow and may involve patching or updates that carry the lowest risk in the quickest possible manner.

All of our clients were patched within one business day of this particular security release.

---

Our results

We are constantly monitoring and assessing the updates with a number of automated tools and alerts to ensure that you stay safe.

Since 1st July 2014 alone we have managed 13 core Drupal and 322 project related security releases for our clients. 

  • Core: 13 releases
  • Contrib: 322 releases
  • Assessed: 93 advisories
  • Updates: 1,731 applied

Are you worried about the security of your site? We are experts. Contact us today.

---

Recent advisories

These are some of the recent security advisories that we have monitored, assessed and updated.

  • Views - Moderately Critical - Access Bypass - SA-CONTRIB-2017-022

    Project: Views 7.x
    Vulnerability:
    Thursday, 23rd February 2017
    Advisory ID: DRUPAL-SA-CONTRIB-2017-022 Project: Views (third-party module) Version: 7.x Date: 2017-February-22 Security risk: 10/25 (Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon Vulnerability: Access bypass
  • Metatag - Moderately Critical - Information disclosure - SA-CONTRIB-2017-019

    Project: Metatag 7.x
    Vulnerability:
    Thursday, 16th February 2017
    Advisory ID: DRUPAL-SA-CONTRIB-2017-019 Project: Metatag (third-party module) Version: 7.x Date: 2017-February-15 Security risk: 11/25 (Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Proof/TD:Uncommon Vulnerability: Information Disclosure
  • Better Exposed Filters - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-009

    Vulnerability:
    Thursday, 2nd February 2017
    Advisory ID: DRUPAL-SA-CONTRIB-2017-009 Project: Better Exposed Filters (third-party module) Version: 7.x Date: 2017-February-01 Security risk: 7/25 (Less Critical) AC:Complex/A:Admin/CI:None/II:Some/E:Theoretical/TD:Uncommon Vulnerability: Cross Site Scripting
  • OAuth - Less Critical - Access Bypass - SA-CONTRIB-2017-006

    Project: OAuth 7.x
    Vulnerability:
    Thursday, 26th January 2017
    Advisory ID: DRUPAL-SA-CONTRIB-2017-006 Project: OAuth (third-party module) Version: 7.x Date: 2017-January-25 Security risk: 8/25 (Less Critical) AC:Complex/A:Admin/CI:None/II:Some/E:Theoretical/TD:Default Vulnerability: Access bypass
  • Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005

    Vulnerability:
    Thursday, 17th November 2016
    Advisory ID: DRUPAL-SA-CORE-2016-005 Project: Drupal core Version: 7.x, 8.x Date: 2016-November-16 Security risk: 13/25 (Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon Vulnerability: Multiple vulnerabilities
  • Workbench Moderation - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-060

    Vulnerability:
    Thursday, 3rd November 2016
    Advisory ID: DRUPAL-SA-CONTRIB-2016-060 Project: Workbench Moderation (third-party module) Version: 7.x Date: 2016-November-02 Security risk: 11/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon Vulnerability: Information Disclosure
  • Bootstrap - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-058

    Project: Bootstrap 7.x
    Vulnerability:
    Thursday, 3rd November 2016
    Advisory ID: DRUPAL-SA-CONTRIB-2014-0XX Project: Bootstrap (third-party theme) Version: 7.x Date: 2016-November-02 Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross Site Scripting
  • Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053

    Project: Webform 7.x
    Vulnerability:
    Thursday, 20th October 2016
    Advisory ID: DRUPAL-SA-CONTRIB-2016-053 Project: Webform (third-party module) Version: 7.x Date: 2016-October-19 Security risk: 9/25 (Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default Vulnerability: Access bypass
  • Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004

    Vulnerability:
    Thursday, 22nd September 2016
    Description: Users who have rights to edit a node can set the visibility on comments for that node. Advisory ID: DRUPAL-SA-CORE-2016-004 Project: Drupal core Version: 8.x Date: 2016-September-21 Security risk: 18/25 (Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default Vulnerability:
  • Flag - Moderately Critical - Access Bypass

    Project: Flag 7.x
    Vulnerability: Information Disclosure
    Thursday, 1st September 2016
    The module does not secure settings that are exposed using the rarely used sub-module Flag Bookmark.

These only represent a small fraction of the security advisories released. Please refer to the following pages for a full listing:

Our services

“I really enjoy doing business with you guys. Thanks for always being prompt and meeting my needs as a customer.”
Daniel Roberts