Problem/Motivation

For Security reporting, The following checks needs to be executed:
Security

  1. Super user (1) Active {Done is initial release}
  2. Trusted host missing {Done is initial release}
  3. Public/private files directory writable by all {Done is initial release}
  4. Display errors enabled on production {Done is initial release}
  5. Outdated PHP version {Done is initial release}
  6. Check for users with matching username and password {Done is initial release}
  7. Development and UI modules enabled (e.g., Devel, Views UI, Fields UI) on production {Done is initial release}
  8. Database security {Done is initial release}
  9. Anonymous/Authenticated role permission
  10. Same site cookie (Strict, lex, none)
  11. Spam protection (Captcha, honeybot)
  12. HTTP Referrer policy
  13. Menu Router (Check for potentially malicious entries in the menu router)
  14. Untrusted users are not allowed to input dangerous HTML tags.
  15. Failed login attempts from same IP.
  16. Header check. (All specified headers present.)
  17. Vendor directory outside of Webroot.
  18. View Access.
  19. File upload extension check.
  20. Update access check
  21. Reverse proxy safety
  22. HTTPS reinforcement
  23. Email safety (Reroute email)

Steps to reproduce

Proposed resolution

Remaining tasks

  1. #3558248: Add check for Anonymous/Authenticated role permission
  2. #3558249: Add check for Same site cookie

User interface changes

API changes

Data model changes

Comments

anmolgoyal74 created an issue. See original summary.

anmolgoyal74’s picture

Issue summary: View changes
anmolgoyal74’s picture

Issue summary: View changes
anmolgoyal74’s picture

Issue summary: View changes
shubham.prakash’s picture

StatusFileSize
new922.62 KB

Done, in other subtasks

shubham.prakash’s picture

Status: Active » Needs review
harivansh’s picture

Status: Needs review » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

harivansh’s picture

Status: Fixed » Closed (fixed)