DrupalCon Vienna 2017: 10 Ways Drupal 8 Is More Secure

In a blog post just before Drupal 8 was released I talked about 10 ways Drupal 8 is more secure than past versions.

This talk will go into more depth and background on those points and why they matter.

I will place each of the security improvements into the context of more general PHP web application security (such as which OWASP Top 10 vulnerability it relates to). I will also show some examples where Drupal 7 code had an exploitable vulnerability in the past that would be blocked by design in Drupal 8. 

In addition, since I helped drive a number of the issues and implement changes both in Drupal and PHP itself, I will also spend a little time talking about how some of these changes came about, from seeing potential weaknesses in our PHP code to deciding on what change to implement.

Drupal is a registered trademark of Dries Buytaert.