Drupal Defense in Depth

Presenters: Barrett

Defense in depth is an accepted practice both in the physical and cybersecurity realms and, within Drupal, is mostly accomplished using the roles and permissions features of Drupal core but there is much more which can be done to add redundant security controls to a Drupal application. This talk will assume attendees are already familiar with Drupal's permissioning model and will focus instead on other aspects such as access controlled edit domains, dev-ops security, application monitoring, and securing the application ecosystem.

Attendees will leave the session with a broader understanding of the security options available to them, criterion for deciding what security options are appropriate for their specific application, and a high-level implementation path for each security option.

Experience Level