Security in Practice: Tools and Techniques
Security is not a one-time activity that is performed and completed. A mature operation promotes continuous improvement in an ever evolving landscape of threats and mitigation techniques. Where does this leave us in the Drupal community?
This presentation focuses on the tools and techniques for promoting security in practice related to Drupal, both the infrastructure and the application. We will explore the different user personas and targeted attacks that can be exploited within typical Drupal applications.
I’ll present recommendations for mitigating these attacks, including multiple uses of two-factor authentication, development best practices, security conscious development workflows, continuous integration and DevOps practices, log analysis integration, community contribution, and alert and monitoring solutions.
This talk is intended for anyone curious about building security into team operations, exposing security-related information needed to improve with time, and solutions specific to securing Drupal implementations. Key takeaways include a set of practices, tools, and considerations for both the people and technology tied to Drupal implementations. Come learn how we can leverage security in many aspects of work we do to build trust, confidence, and mitigate risk.