Security is not a one-time activity that is performed and completed. A mature operation promotes continuous improvement in an ever evolving landscape of threats and mitigation techniques. Where does this leave us in the Drupal community? This presentation focuses on the tools and techniques for promoting security in practice related to Drupal, both the infrastructure and the application. We will explore the different user personas and targeted attacks that can be exploited within typical Drupal applications. I’ll present some high level recommendations for mitigating these attacks, including multiple uses of two-factor authentication, development best practices, security conscious development workflows, continuous integration and DevOps practices, log analysis integration, community contribution, and alert and monitoring solutions. I’ll wrap up exploring future opportunities with emerging topics like secret managers, blockchain, and machine learning.
Adam BergsteinAssociate Director of Engineering @ CivicActions
Acquia Grand Master. Developer/project manager with a masters in application security. Work experience in higher education and consulting sectors. Interested in development, dev ops, continuous integration, and Drupal 8. Expertise in other areas, such as planning/specifications, agile/scrum, backlog management, learning/training, and team enablement.