Defense in Depth: Lessons learned securing 100,000 Drupal Sites


Heartbleed, Shellshock, POODLE, Drupalgeddon, and GHOST.
How is it possible to secure my website in the face of the hackzor onslaught? Every bit of software in your stack composes compromisable surface area, so you have to think about security from the OS to the JS and beyond.
When securing your website you need to think breadth as well as depth: there's no use in having 3 deadbolts, a pit bull, and a portcullis on your front door while leaving your porch door unlocked.
We'll start at the 10,000-foot level, reviewing the risks and drivers of website security, then zoom in for a bird's-eye view of security best practices, and finally deep-dive on a few of the most effective attack mitigation strategies.

Topics we will cover:

- What security means for your business: compliance and risk management
- The security triad: Confidentiality, Integrity, and Availability
- OWASP Top 10
- Evaluating hosting options based on security
- Securing your operating system
- Configuring Nginx and Apache for security
- Understanding contrib module security
- Configuring Drupal for security
- How to address DoS with a CDN: a battle of 3-letter acronyms
- Data encryption
- Key management: don't tape your key to the front door
- PII: what is it and why does it matter?
- Securing your users: password security and best practices
- Real-world scenarios

This will be the follow-up to the session at DrupalCon Los Angeles and Barcelona.

Source: rutube.ru