Security and Drupal Websites

For intrusion detection testing see http://php-ids.org/ before a website goes live IDS should be performed so the web team are aware of any possible security issues with the site. In Drupal patches can be applied one by one and if a security issue is detected then there could be a possibility of rolling a security patch before production release.

Drupal recommendations for secure text handling > http://drupal.org/node/28984
Drupal secure code standards > http://drupal.org/writing-secure-code

Become a member of the Drupal Security Mailing-List! This will keep you informed with a brief email when new security vulnerabilities have been released. You can easily look and see if any apply to your modules. Alternatively and an easier solution can be to set up your Drupal site to send you an update email when new updates are found for your modules. The site can run a cron job on a regular basis to see if there is any information about module updates for your sites eco-system.