Security and Scanning - an Open Source Approach

07/24/2015 - 14:00-07/24/2015 - 14:45
Room D
Experience level: 
Session Track: Code and DevOps

This track is focused on developers and the back-end technologies to deal with today’s and future challenges. With the coming release of Drupal 8, as well as emerging Web technologies, preparation is essential. These sessions will help you learn how to deliver effective solutions to meet these needs.


All three branches of the Federal Government and many state and local governments are turning to Drupal to provide a cost-effective and secure internet presence. For some, applying the most recent security updates to the operating system, Drupal core, and its contributed modules is enough assurance of security. Others demand automated vulnerability management tools, such as those provided by the Security Content Automation Protocol (SCAP). Closed-source SCAP-compatible scanners, such as Nessus from Tenable and ACAS from the DoD, are expensive and/or difficult to obtain, which has generally kept scanning out of the realm of Open Source developers.

This session will discuss our experience with two Free and Open Source tools, GovReady and OpenSCAP: how we installed and configured them, their benefits and drawbacks, and future work aimed at making them easier to use, more comprehensive and secure, and more applicable to Drupal and the LAMP stack on which it runs.