10 Ways Drupal 8 Is More Secure
In a blog post just before Drupal 8 was released, I talked about 10 ways Drupal 8 is more secure than past versions.
This talk will go into more depth and background on those points and why they matter.
I will place each of the security improvements into the context of more general PHP web application security (such as which OWASP Top 10 vulnerability it relates to). I will also show some examples where Drupal 7 code had an exploitable vulnerability in the past that would be blocked by design in Drupal 8.
In addition, since I helped drive a number of the issues and implement changes both in Drupal and PHP itself, I will also spend a little time talking about how some of these changes came about, starting from seeing potential weaknesses in our PHP code to deciding on what change to implement.