10 Ways Drupal 8 Will Be More Secure
In a recent blog post I talked about 10 ways Drupal 8 will be more secure.
Rather than just repeat what's written, this talk will go into more depth and background on those points.
I will place each of thre secuity improvements into the context of more general PHP web application security (such as which OWASP Top 10 vulnerability it relates to). I will also show some examples where Drupal 7 code had a exploitable vulnerability in the past that would be blocked by design in Drupal 8.
In addition, since I helped drive a number of the issues and implement changes both in Drupal and PHP itself, I will also spend a little time talking about how some these changes came about starting from seeing potential weaknesses in our PHP code to deciding on what change to implement.