Lightning Talk: Security matters @ploneconf 2014
Transcript of Lightning Talk: Security matters @ploneconf 2014

Security Matters
Alexander Loechel on plone.app.vulnerabilities, plone.vulnerabilitychecks.*, plone.hud
Plone Conference Bristol 2014

Studies on Security
• Security Study on Content Management Systems, published by the German Federal Office for Information Security, May 2013
• Take at least 15 min / day / system
  - Look for updates
  - Apply patches

Drupal Security Team
„You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before …after the announcement.“

plone.app.vulnerabilities
http://plone.org/hotfixes
plone.hud / plone.app.hud

Supply Information
• Check for vulnerabilities on Plone installs:
  • plone.vulnerabilitychecks.instance_startup —> disable or warn on startup
  • plone.vulnerabilitychecks.buildout —> warn or stop buildout
  • plone.vulnerabilitychecks.tests —> for CI tests
  • plone.vulnerabilitychecks.controlpanel —> version information view
  • buildout.autoapplyplonehotfixes
  • —> github.com/loechel/
• Dependencies:
  • plone.vulnerabilitychecks.core —> JSON <— plone.app.vulnerabilities
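
Added example, not code from the talk or from any of the packages named above: a sketch of the "warn or stop" idea, where a check reads a JSON vulnerability feed and compares it with the installed version and applied hotfixes. The feed layout, the version numbers, the hotfix names and the function names are all assumptions made up for this illustration.

```python
import json

# Constructed sample feed. The layout is an assumption for this example, not
# the JSON actually published by plone.app.vulnerabilities.
SAMPLE_FEED = json.dumps({
    "1.0.0": {"hotfixes": ["EXAMPLE-HOTFIX-A", "EXAMPLE-HOTFIX-B"]},
    "1.0.1": {"hotfixes": ["EXAMPLE-HOTFIX-B"]},
    "1.0.2": {"hotfixes": []},
})


class VulnerableInstall(RuntimeError):
    """Raised in 'stop' mode when required hotfixes are missing."""


def missing_hotfixes(feed_json, version, applied):
    """Return the hotfixes the feed lists for `version` that are not applied."""
    feed = json.loads(feed_json)
    if version not in feed:
        # Fail closed: a version the feed does not know is not "clean",
        # it usually means the feed (or the install) is out of date.
        raise KeyError("version %s not in vulnerability feed" % version)
    return sorted(set(feed[version]["hotfixes"]) - set(applied))


def check(feed_json, version, applied, mode="warn"):
    """Apply the policy: 'warn' returns messages, 'stop' raises instead."""
    if mode not in ("warn", "stop"):
        raise ValueError("mode must be 'warn' or 'stop'")
    missing = missing_hotfixes(feed_json, version, applied)
    if missing and mode == "stop":
        raise VulnerableInstall(
            "version %s is missing: %s" % (version, ", ".join(missing)))
    return ["version %s is missing hotfix %s" % (version, h) for h in missing]


if __name__ == "__main__":
    # Startup-style use: warn, but keep running.
    for message in check(SAMPLE_FEED, "1.0.0", ["EXAMPLE-HOTFIX-A"]):
        print("WARNING:", message)
```

In a CI job or a buildout run the same check would be called with mode="stop", so a missing hotfix fails the build instead of only logging a warning.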

Future Work
• Sprinting on that
• Include up-to-date plone.app.vulnerabilities in plone.org and keep the information up to date
• Maybe a PLIP to include those packages in the installers as a commented-out option with documentation
• Make people more aware of Plone security