Our Highest Priority
Your application and data security are our highest priorities.
We tackle each project from a security-first perspective to ensure that our team is up to speed on industry best practices.
Our Security Tools
The Mediacurrent team leverages the following tools on all developer pull requests:
- An open-source OWASP tool for proactive penetration scans of the application
- Drush pm: security which uses Composer to check for Drupal security updates
- Grumphp security checker for static analysis
- The Security Review module which looks for common configuration problems that make a Drupal site insecure.
Our Security Contribution
Our developers also manage the Drupal.org Guardr security distribution, which is integrated on every new project. Guardr offers several security enhancements and configuration for Drupal applications.
Mediacurrent highly recommends CDNs like Cloudflare that can offer additional security against DDOS and other malicious attacks. See Cloudflare Security Services for more information.
Drupal.org Security Advisories
Each week Drupal's security team will post advisories of vulnerabilities identified in core and contributed modules by the community. Mediacurrent's internal security team tracks these advisories, assesses their impact in the context of each Drupal application, and notifies affected clients. If required, a mitigation plan such as a config change or hotfix release is put into place.