Drupal and security - Advice for Site Builders and Coders

The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed. Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for.

The primary goal of this session is to give people a solid basis in the most common security issues so they can quickly identify them. From there, we'll move into some other common pain points for site builders, like frequently made mistakes, modules to enhance security, and evaluating contributed module quality.

Key points:

  • Security outside Drupal: safe computing
  • What to do about weak passwords
  • Can Drupal protect against DDoS attacks?
  • How the Drupal community can help you achieve optimal security
  • Configuration mistakes that make you vulnerable, and ways to avoid them
  • The single most important security element: fast updates
  • Developer cheat sheet: protect your code against XSS, SQLi and CSRF
  • Security improvements in Drupal 8