DrupalCamp NJ 2016

Security best practices: No Excuses

Knowing security best practices only gets a team so far: the team has to implement them too. This session will cover the security risks that a web development team faces and the underlying reasons why so many of those risks go unaddressed. Ultimately, there are no excuses for leaving your web projects exposed to known vulnerabilities. It will also address common security concerns for Drupal and the root problems a team needs to solve in order to mitigate these risks.

Points of discussion will include:

  • How to define end-user personas and QA workflows so that permissions and text filter misconfigurations are caught.
  • Clarifying support responsibilities and procedures so that security fixes are applied quickly.
  • Understanding how security concerns are handled for community plugins/modules.
  • Training for team members for the specific tasks they perform so that they know how to guard against XSS, CSRF, database injection and more.
  • Familiarity with your hosting platform’s preferences around key management, SSL and other best practices.

Audience: Intermediate (install and configure modules/themes); Advanced (sysadmin, module developer)
Track: Development
Version: Drupal 8, Drupal 7
