DrupalCon Los Angeles 2015: Building secure sites with Drupal

Slides!

From large vulnerable corporations to cyber attacks causing physical damage, headlines are full with reports of data breaches, stolen Protected Health Information, ransom stories and IT system breaches. With its growing popularity, Drupal has become a perfect target for automated attacks. The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed.

Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for. This session will help site builder and architects to have security in mind during site building and beyond. While configuring Drupal properly can plays a big part in keeping hackers at bay, it doesn’t depict the entire picture. In this session, we will also look at the rest of the stack to understand where the pitfalls are.

Key points:

Security outside Drupal: safe computing

What to do about weak passwords

How can the Drupal community help you to achieve optimal security

Common configuration mistakes that make you vulnerable, and ways to avoid them

The single most important security element: fast updates

Security improvements in Drupal 7 and Drupal 8

Drupal is a registered trademark of Dries Buytaert.