Are you losing sleep, worrying about your Drupal site’s security? That isn’t healthy! With Drupal being used for building websites and applications in government, non-profits, higher education, and corporate enterprises, it is important to make sure that projects follow regulatory and organizational security controls. Are you ready to learn how to take immediate steps to improve the security of your Drupal installation? Great, let’s get get started.

This session will provide the details you need to create a security-first plan to enhance Drupal’s strong security foundation with community-contributed modules. Attendees will learn how to leverage these community contributions to ensure Drupal’s ability to provide confidentiality, integrity, and availability for your users.

Drupal core and contributed module security enhancements will be demonstrated live. These demonstrations will show how to address many of the concerns listed in the globally recognized OWASP Top 10 Web Application Security Risks document. In addition, attendees will learn how to keep up with official security announcements from the Drupal Security Team, understand Drupal security advisories, and find resources to learn more about Drupal security.

Security risks and improvements covered

• Attack surface reduction
• Broken Access Control
• Cross-Site Scripting XSS
• Insufficient logging & monitoring
• Password policies
• Security misconfiguration
• Using components with known vulnerabilities