Feb 1 from 2:00 PM-3:00 PM EST
https://join.skype.com/tT2eK2Eeid68
- Google Doc
- Old Business
- Workflow Files were moved
- Ever Been Pwned?
- Discuss the responses
- Documentation for how to harden the server
- Anyone using this stuff? Any knowledge or knowhow?
- TAXII : Sharing cyber-risk intelligence and defensive strategies
- STIX: A structured language for cyber threat intelligence.
- YARA: identify and classify malware
- Rules Repository
- Look at the Hardening production Server Draft
- Create a PR on secure_drupal_file.sh that adds commenting to the file.
- Create a sample from a Key point
- Add a folder to security_docs named sample_scripts
- Add a sample file to uses as a template
Mar 1 from 2:00 PM-3:00 PM EST Chair
- Instead of asking someone to write the whole document start with a skeleton that can be added incrementally
- Discussed a few key points and thought it would make it more approachable
- Utilizing either a gist or scripts within the custom_scripts folder to illustrate how to accomplish this key points
- An example from Discovery Garden: secure_drupal_file.sh
- The code should be accompanied by comments explaining what the code is doing, why it's doing it and where to get more information.
- The hope was for someone to do a PR to this script with the needed comments.
- An example should be made in the sample_scripts folder
- Ed offered to talk about [OWASP Dependency Check](Ed: http://jeremylong.github.io/DependencyCheck/general/thereport.html) next month.