LocalGov Drupal Docs
Overview
  • Developers
  • Content designers
  • Designers
  • Contributing
  • Credits System
  • Accessibility
  • Governance
Microsites
Main site
GitHub
Overview
  • Developers
  • Content designers
  • Designers
  • Contributing
  • Credits System
  • Accessibility
  • Governance
Microsites
Main site
GitHub
  • For Developers
  • Getting started
    • Drupal requirements
    • Working with Lando
    • Working with DDEV
    • Debugging with Xdebug
    • Working with Gitpod
  • General configuration
    • Content types
    • Custom modules
    • Image styles
    • Media types
    • Paragraph types
    • Taxonomies
    • User roles
  • Features
    • Services: Technical
    • Alert banners: Technical
    • News: Technical
    • Directories: Technical
    • Location Geo: Technical
    • Subsites: Technical
    • Workflows: Technical
  • Theme
    • LocalGov Base
    • Regions
    • LocalGov Theme (Deprecated)
    • Skeleton theme (Deprecated)
    • Admin theme (Deprecated)
  • Testing
  • Development workflows
    • Installing and deploying a LocalGov Drupal site
  • Hosting
    • Hosting a LocalGov Drupal site
    • Hosting LocalGov Drupal on Azure
  • Release statuses
    • Release statuses
  • Security
    • Best practice guidance
    • Single Sign-On
  • Quality standards
    • Quality standards: Accessibility
    • Quality standard: Documentation
    • Quality standard: Testing
  • How-tos
    • How to use Gitpod to test modules in the browser

Security

The security of your LocalGov Drupal website should be given due consideration before launch.

Keeping abreast of Drupal security advisories is important. See https://www.drupal.org/security

To subscribe to Drupal security emails: log in to Drupal.org, go to your user profile page and subscribe to the security newsletter on the Edit ยป My newsletters tab.

There are also a number of Drupal modules and best practice configurations to help increase the security of your Drupal site.

Penetration testing

A penetration test was commissioned by Invuse in early 2023, the full report is available at the following url.

Invuse Limited - LocalGov Drupal (LGD) Web Application Penetration Test v1.0 (Redacted).pdf

Key recomendations

The report generated some recommendations, which are summarised in:

  • Best practice guidance when installing and configuring LocalGov Drupal.
Help us improve this page!
Last Updated:
Prev
Release statuses
Next
Quality standards