Security in Drupal 8

Securing your Drupal 8 site.

Writing secure code for Drupal 8

Following best practice while writing your own code can help keep it, and your website, secure

Security of generated PHP files

Drupal 8 generates PHP files programmatically, and attackers need to be prevented from doing the same

Secure configuration for site builders

A Drupal site can be configured to be more secure, at the cost of limiting functionality

Drupal 8: Sanitizing Output

Basic techniques for sanitization of text output.

Secure Database Queries

Using the database abstraction layer to avoid SQL injection attacks

US NIST Password Guidelines review

A review of Drupal 8 password storage and usage in relation to NIST guidelines from June 2017

Guide maintainers