How sites get hacked: Recipes for enforcing security

iAugur

Keeping websites protected from malicious attack is a constant arms race.

Fortunately, there are several established countermeasures that are simple to implement and effective in mitigating common threats.

In this session I will cover:

  • Common threats to web security, with real-world case studies of compromised websites and how hackers operate.

  • The various attack surfaces of a website, from the server, down the wire, to presentation in the client browser.

  • Simple approaches to mitigating common threats and vulnerabilities.

  • Drupal-specific measures that standard penetration tests often do not account for.

  • How to implement and benefit from a Content Security Policy (CSP).

The presentation is aimed at all levels of Drupal knowledge and at anyone responsible for any stage in the delivery of information over the web, regardless of whether they are managers, developers or content editors.

Attendees do not require specialist knowledge. They will gain an insight into how 'hackers' operate and the various modes of attack, review some real-world examples, and see how countermeasures can be put in place.

Attendees will take home:

  • an understanding that security is not a 'one off' but an ongoing responsibility,

  • a sense that it shouldn't be intimidating and is achievable (especially with Drupal),

  • and, hopefully, the inspiration to initiate a Content Security Policy for the websites they manage.

Session Track

DevOps

Experience Level

Intermediate

Drupal Version