Drupal Planet

GSoC 2015 - Security Review D8 - Wrap up

I've spent most of this summer working on the Drupal module called Security Review. My project was porting it to Drupal 8 as part of Google Summer of Code 2015. I'm happy to say that the requirements were met long before the end of the programme, so there was no rush at the end of the coding period.

GSoC 2015 - Security Review D8 - Week 8: Request for review

I'm working on porting Security Review to Drupal 8 as my Google Summer of Code project this year. 8 weeks have passed since the beginning of the coding period, and the port is ready to be reviewed. In the remaining 4 weeks I'm going to address issues found by reviewers, possibly add more functionality, and solve some issues related to the old version of the module, prioritizing issues that are already solved in the D8 port.

What is Security Review?

Security Review automates checking many of the configuration errors that lead to an insecure Drupal site and looks for existing vulnerabilities and attack attempts. The primary goal of the module is to elevate your awareness of the importance of securing your Drupal site. 

How can you help?

If you would like to help, you could review the ported module and post your findings in this issue. It helps if you have used Security Review before.

The 8.x-1.x branch of the code can be downloaded from here. For installation instructions, check README.txt.

Alternatively, you can use simplytest.me and you won't even have to leave your browser. Start writing Security Review in the first input box, choose the 8.x-1.x branch and start the sandbox! After going through the Drupal installation, enable the module on /admin/modules (Extend) and you are ready to start testing. Note: the module has a Drush function that won't be testable this way.

GSoC 2015 - Security Review D8 - Week 7

This was the 7th week of Google Summer of Code, and I'm making good progress on porting Security Review to Drupal 8. I'd say it's about 90% done, and I've learnt a lot about Drupal while getting to this point.

For this week my plan was:

  • Finish porting the security checks
  • Write the missing parts of the documentation
  • Implement the Drush-specific run methods for File permissions and Executable PHP checks
  • Start cleaning up the code