Ensuring the security of your website is critical in our online world.
ASCS reported over 11,000 security incidents affecting Australian businesses in 2014, and this probably represents only a small proportion of incidents because of the stigma associated with a security lapse.
Don't underestimate the level of risk or potential economic harm that this can cause your business or institution.
Our Drupal Site Security package takes this concern out of your hands so you can concentrate on running your business.
While you do that, we will be:
- Monitoring the availability (uptime) of your website
- Continuously monitoring all Drupal Core security updates released
- Reviewing the regular Drupal contributed module and theme security updates
- Assessing your site for forward compatibility with new browsers
- Monitoring for any modules or themes that go out of support for any reason
This process will occur every January, April, July and October and is priced from $360/year + GST.
When a Drupal security update is released that applies to your website, we will:
- Create or refresh a test environment for you
- Apply appropriate security updates to your test environment
- Internally QA the updates ourselves for obvious issues
- Advise you of the updates and provide 14 days for you to test
- Once approved or after 14 days, we will apply the updates to your production site
We will also keep you regularly informed of any site enhancements we feel are required to your site due to new operating systems, new browser releases, unsupported modules, API changes, etc. Any recommended site enhancements will be quoted and require approval prior to implementation.
While extremely rare, any critical updates, like Drupalgeddon (15 October, 2014), will deviate from this workflow and may involve patching or updates that carry the lowest risk in the quickest possible manner.
All of our clients were patched within one business day of this particular security release.
We are constantly monitoring and assessing the updates with a number of automated tools and alerts to ensure that you stay safe.
Since 1st July 2014 alone we have managed 13 core Drupal and 322 project related security releases for our clients.
Are you worried about the security of your site? We are experts. Contact us today.
These are some of the recent security advisories that we have monitored, assessed and updated.

Views - Moderately Critical - Access Bypass - SA-CONTRIB-2017-022
Thursday, 23rd February 2017
- Advisory ID: DRUPAL-SA-CONTRIB-2017-022
- Project: Views (third-party module)
- Version: 7.x
- Date: 2017-February-22
- Security risk: 10/25 (Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
- Vulnerability: Access bypass

Metatag - Moderately Critical - Information disclosure - SA-CONTRIB-2017-019
Thursday, 16th February 2017
- Advisory ID: DRUPAL-SA-CONTRIB-2017-019
- Project: Metatag (third-party module)
- Version: 7.x
- Date: 2017-February-15
- Security risk: 11/25 (Moderately Critical) AC:Complex/A:None/CI:Some/II:None/E:Proof/TD:Uncommon
- Vulnerability: Information Disclosure

Better Exposed Filters - Less Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2017-009
Thursday, 2nd February 2017
- Advisory ID: DRUPAL-SA-CONTRIB-2017-009
- Project: Better Exposed Filters (third-party module)
- Version: 7.x
- Date: 2017-February-01
- Security risk: 7/25 (Less Critical) AC:Complex/A:Admin/CI:None/II:Some/E:Theoretical/TD:Uncommon
- Vulnerability: Cross Site Scripting

OAuth - Less Critical - Access Bypass - SA-CONTRIB-2017-006
Thursday, 26th January 2017
- Advisory ID: DRUPAL-SA-CONTRIB-2017-006
- Project: OAuth (third-party module)
- Version: 7.x
- Date: 2017-January-25
- Security risk: 8/25 (Less Critical) AC:Complex/A:Admin/CI:None/II:Some/E:Theoretical/TD:Default
- Vulnerability: Access bypass

Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005
Thursday, 17th November 2016
- Advisory ID: DRUPAL-SA-CORE-2016-005
- Project: Drupal core
- Version: 7.x, 8.x
- Date: 2016-November-16
- Security risk: 13/25 (Moderately Critical) AC:None/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
- Vulnerability: Multiple vulnerabilities

Workbench Moderation - Moderately Critical - Information Disclosure - SA-CONTRIB-2016-060
Thursday, 3rd November 2016
- Advisory ID: DRUPAL-SA-CONTRIB-2016-060
- Project: Workbench Moderation (third-party module)
- Version: 7.x
- Date: 2016-November-02
- Security risk: 11/25 (Moderately Critical) AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon
- Vulnerability: Information Disclosure

Bootstrap - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-058
Thursday, 3rd November 2016
- Advisory ID: DRUPAL-SA-CONTRIB-2014-0XX
- Project: Bootstrap (third-party theme)
- Version: 7.x
- Date: 2016-November-02
- Security risk: 13/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default
- Vulnerability: Cross Site Scripting

Webform - Less Critical - Access Bypass - SA-CONTRIB-2016-053
Thursday, 20th October 2016
- Advisory ID: DRUPAL-SA-CONTRIB-2016-053
- Project: Webform (third-party module)
- Version: 7.x
- Date: 2016-October-19
- Security risk: 9/25 (Less Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
- Vulnerability: Access bypass

Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
Thursday, 22nd September 2016
Description: Users who have rights to edit a node can set the visibility on comments for that node.
- Advisory ID: DRUPAL-SA-CORE-2016-004
- Project: Drupal core
- Version: 8.x
- Date: 2016-September-21
- Security risk: 18/25 (Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default
- Vulnerability:

Flag - Moderately Critical - Access Bypass
Thursday, 1st September 2016
- Project: Flag 7.x
- Advisory: SA-CONTRIB-2016-050
- Vulnerability: Information Disclosure
The module does not secure settings that are exposed using the rarely used sub-module Flag Bookmark.

These only represent a small fraction of the security advisories released. Please refer to the following pages for a full listing: