George Boobyer - Website insecurity - how your CMS site will get hacked and how to prevent it

Public-facing websites are constantly under attack, and keeping them protected is an arms race, yet security rarely gets a look-in at the specification and budget allocation stages of delivering a website; at best it is an afterthought. Yet everyone has an expectation of security and QoS that implies it is central to every project.

Security considerations should pervade all stages of a project from initial specification, throughout development and testing and on to ongoing hosting and maintenance.

In this session I will cover:

- Common threats to web security, with real-world case studies of compromised sites
- Simple approaches to mitigating common threats/vulnerabilities
- Defence in depth – an overview of the various components of web security
- Drupal-specific measures that standard penetration testing often does not account for
- An overview of how to benefit from:
  - Security monitoring and log analysis
  - Intrusion Detection Systems & Firewalls
  - Security headers and Content Security Policies (CSP)
