Public-facing web sites are constantly under attack, and keeping them protected is an arms race. Yet security rarely gets a look-in at the specification and budget allocation stages of delivering a web site, or is at best an afterthought, even though everyone expects a level of security and QoS that implies it is central to every project.

Security considerations should pervade all stages of a project from initial specification, throughout development and testing and on to ongoing hosting and maintenance.

In this session I will cover:

* Common threats to web security, with real-world case studies of compromised sites.
* Simple approaches to mitigating common threats and vulnerabilities.
* Defence in depth – an overview of the various components of web security.
* Drupal-specific measures that standard penetration testing often does not account for.
* An overview of how to benefit from:
  * Security monitoring and log analysis
  * Intrusion Detection Systems and firewalls
  * Security headers and Content Security Policies (CSP)



Alick Mighall at 16:29 on 1 Jul 2017

I learnt a lot in this. And it's actually, I think, the first time I've seen George present - and he was great - a really informative session. And loads of things in it I want to try (and harden, obviously...)

Oliver Davies at 22:39 on 1 Jul 2017

Great talk, packed full of information with relevant examples. Quite a few take-aways to implement after seeing this talk.

I know what I'm doing on Monday!! Really clear and informative talk with a lot of quick wins in it. George made the subject of website security much easier to swallow than it seems to be.

Tim Regester at 20:42 on 2 Jul 2017

A great talk which covered all the issues relating to website security and Drupal.

Johan Gant at 09:47 on 3 Jul 2017

I haven't seen George speak before but a few things stood out for me:

- The quality and detail of the presentation: the best of the day in my opinion.
- The level of knowledge crammed in: I learned a lot and didn't necessarily expect to.
- The delivery: A really professional, smooth delivery.

Owing to the volume of material, I think this talk might have benefited from a longer slot at a different conference... or even being broken into a few separate smaller talks or blog posts.