Security in Drupal 8: Tips and Tricks

Adam Bergstein

Security is a principle concern for both enterprise and public sector websites. As site building shifts into Drupal 8, organizations are seeking applicable information on baking security into the process from the beginning.

This talk will explore some of the core and contributed solutions that help resolve problems that negatively impact the security of a Drupal 8 installation. We’ll review site building and architecture, and provide application-level hardening techniques for security topics like auditing, access control, phishing, authentication, encryption, and log management. As a final take-home checklist, we’ll give some high-level tips for improving the security of your DevOps processes and hosting environments.

Drupal is a registered trademark of Dries Buytaert.