Web Security: Tales from the Field -- How to not get hacked.

Become a web security detective and join us as we look at some cases of compromised websites drawn from real-life events. We'll cover four "tales" of hacked sites, from uncovering the hack, to tracking down the root cause, to mitigating theproblem. You'll learn techniques for trouble-shooting hacked sites and increase your awareness of common attacks. This presentation is offered by members of the Drupal Security Team, a global team responsible for the security of the Drupal open-source content management platform.

We aim to make web security more engaging by inviting session participants to use their creative problem-solving abilities to learn how to track down the causes of common website hacks. We'll also cover security issues unique to the Drupal content management system, a platform used by hundreds of major universities including Stanford, Harvard and UC-Berkeley. Websites in higher education need to be especially cognizant of web security when FERPA-protected information may be at stake. While web security can be intimidating to beginners - including early-career web developers - it's not difficult to maintain a secure Drupal website. We'll share best practices and recommendations as to how to approach security for your site.