Talk in English - UK at DrupalCamp Bristol 2017
Short URL: https://joind.in/talk/8bbea (QR-Code (opens in new window))
Public facing web sites are constantly under attack and keeping websites protected is an arms race, yet security rarely gets a look-in at specification and budget allocation stages of delivering a web site - or at best is an afterthought. Yet everyone has an expectation of security and QOS that implies it is central to every project.
Security considerations should pervade all stages of a project from initial specification, throughout development and testing and on to ongoing hosting and maintenance.
In this session I will cover:
* Common threats to web security with real world case studies of compromised sites,
* Simple approaches to mitigating common threats/vulnerabilities,
* Defence in depth – an overview of the various components of web security,
* Drupal specific measures that standard penetration testing often does not account for.
* An overview of how to benefit from:
* Security monitoring and log analysis
* Intrusion Detection Systems & Firewalls
* Security headers and Content Security Policies (CSP).
Comments are closed.
I learnt a lot in this. And it's actually I think the first time I've seen George present - and he was great - a really informative session. And loads of things in it I want to try (and harden, obviously...)
Great talk, packed full of information with relevant examples. Quite a few take-aways to implement after seeing this talk.
I know what I'm doing on Monday!! Really clear and informative talk with a lot of quick wins in it. George made the subject of website security much easier to swallow than it seems to be.
A great talk which covered all the issues relating to website security and drupal.
I haven't seen George speak before but a few things stood out for me:
- The quality and detail of the presentation: the best of the day in my opinion.
- The level of knowledge crammed in: I learned a lot and didn't necessarily expect to.
- The delivery: A really professional, smooth delivery.
Owing to the volume of material, I think this talk might have benefited from a longer slot at a different conference... or even being broken into a few separate smaller talks or blog posts.