DrupalCon Vienna 2017: 10 Ways Drupal 8 Is More Secure
Video Description
In a blog post just before Drupal 8 was released I talked about 10 ways Drupal 8 is more secure than past versions.
This talk will go into more depth and background on those points and why they matter.
I will place each of the security improvements into the context of more general PHP web application security (such as which OWASP Top 10 vulnerability it relates to). I will also show some examples where Drupal 7 code had an exploitable vulnerability in the past that would be blocked by design in Drupal 8.
In addition, since I helped drive a number of the issues and implement changes both in Drupal and PHP itself, I will also spend a little time talking about how some these changes came about starting from seeing potential weaknesses in our PHP code to deciding on what change to implement.
This talk will go into more depth and background on those points and why they matter.
I will place each of the security improvements into the context of more general PHP web application security (such as which OWASP Top 10 vulnerability it relates to). I will also show some examples where Drupal 7 code had an exploitable vulnerability in the past that would be blocked by design in Drupal 8.
In addition, since I helped drive a number of the issues and implement changes both in Drupal and PHP itself, I will also spend a little time talking about how some these changes came about starting from seeing potential weaknesses in our PHP code to deciding on what change to implement.