DrupalCon Barcelona 2015: Drupal and Security: what you need to know
Slides: http://scor.github.io/drupal-security-2015/
From large vulnerable corporations to cyber attacks causing physical damage, headlines are full with reports of data breaches, stolen Protected Health Information, ransom stories and IT system breaches. With its growing popularity, Drupal has become a perfect target for automated attacks. The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed.
Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for. The primary goal of this session is to give people a solid basis in the most common security issues so they can quickly identify those security issues. From there, we'll move into some other common pain-points of site builders like frequently made mistakes, modules to enhance security, and evaluating contributed module quality.
Key points:
Security outside Drupal: safe computing
What to do about weak passwords
Can Drupal protect against DDoS attacks?
How can the Drupal community help you to achieve optimal security
Configuration mistakes to that make you vulnerable, and ways to avoid them
The single most important security element: fast updates
Developer cheat sheet: protect your code against XSS, SQLi and CSRF
Security improvements in Drupal 7 and Drupal 8
This session will be heavily inspired by this session presented at DrupalCon Austin.
From large vulnerable corporations to cyber attacks causing physical damage, headlines are full with reports of data breaches, stolen Protected Health Information, ransom stories and IT system breaches. With its growing popularity, Drupal has become a perfect target for automated attacks. The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed.
Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for. The primary goal of this session is to give people a solid basis in the most common security issues so they can quickly identify those security issues. From there, we'll move into some other common pain-points of site builders like frequently made mistakes, modules to enhance security, and evaluating contributed module quality.
Key points:
Security outside Drupal: safe computing
What to do about weak passwords
Can Drupal protect against DDoS attacks?
How can the Drupal community help you to achieve optimal security
Configuration mistakes to that make you vulnerable, and ways to avoid them
The single most important security element: fast updates
Developer cheat sheet: protect your code against XSS, SQLi and CSRF
Security improvements in Drupal 7 and Drupal 8
This session will be heavily inspired by this session presented at DrupalCon Austin.