The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed. Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for.
The primary goal of this session is to give people a solid basis in the most common security issues so they can quickly identify those security issues. From there, we'll move into some other common pain-points of site builders like frequently made mistakes, modules to enhance security, and evaluating contributed module quality.
- Security outside Drupal: safe computing
- What to do about weak passwords
- Can Drupal protect against DDoS attacks?
- How can the Drupal community help you to achieve optimal security
- Configuration mistakes to that make you vulnerable, and ways to avoid them
- The single most important security element: fast updates
- Developer cheat sheet: protect your code against XSS, SQLi and CSRF
- Security improvements in Drupal 8