Building secure sites with Drupal



From large vulnerable corporations to cyber attacks causing physical damage, headlines are full with reports of data breaches, stolen Protected Health Information, ransom stories and IT system breaches. With its growing popularity, Drupal has become a perfect target for automated attacks. The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed.

Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for. This session will help site builder and architects to have security in mind during site building and beyond. While configuring Drupal properly can plays a big part in keeping hackers at bay, it doesn’t depict the entire picture. In this session, we will also look at the rest of the stack to understand where the pitfalls are.

Key points:

  • Security outside Drupal: safe computing

  • What to do about weak passwords

  • How can the Drupal community help you to achieve optimal security

  • Common configuration mistakes that make you vulnerable, and ways to avoid them

  • The single most important security element: fast updates

  • Security improvements in Drupal 7 and Drupal 8

Session Track

Site Building

Experience Level


Drupal Version

When & Where

Tuesday, 12 May, 2015 - 10:45 to 11:45
Petree D - Blink Reaction + Pro People