Public facing web sites are constantly under attack and keeping websites protected is an arms race, yet security rarely gets a look-in at specification and budget allocation stages of delivering a web site - or at best is an afterthought. Yet everyone has an expectation of security and QOS that implies it is central to every project.
Security considerations should pervade all stages of a project from initial specification, throughout development and testing and on to ongoing hosting and maintenance.
In this session I will cover:
* Common threats to web security with real world case studies of compromised sites,
* Simple approaches to mitigating common threats/vulnerabilities,
* Defence in depth – an overview of the various components of web security,
* Drupal specific measures that standard penetration testing often does not account for.
* An overview of how to benefit from:
* Security monitoring and log analysis
* Intrusion Detection Systems & Firewalls
* Security headers and Content Security Policies (CSP).