Security in Drupal 8: Tips and Tricks

Security is a principle concern for both enterprise and public sector websites. As site building shifts into Drupal 8, organizations are seeking applicable information on baking security into the process from the beginning.

This talk will explore some of the core and contributed solutions that help resolve problems that negatively impact the security of a Drupal 8 installation. We’ll review site building and architecture, and provide application-level hardening techniques for security topics like auditing, access control, phishing, authentication, encryption, auditing, and log management. As a final take-home checklist, we’ll give some high-level tips for improving the security of your DevOps processes and hosting environments.

About the Speaker

Adam Bergstein (Drupal.org ID: nerdstein) has over eight years of Drupal development experience architecting enterprise-grade solutions across a variety of sectors. He has ported many popular security and compliance related modules to Drupal 8, like Password Policy, Password Strength, Two-Factor Authentication, Google Authenticator Login, Encrypt, Key, File Encrypt, Field Encrypt, and Pubkey Encrypt. Adam currently works as Associate Director of Engineering for CivicActions, providing web-driven open source web solutions for public sector clients who are often subject to strict security and compliance regulations. Adam has a Masters of Science in Information Security and Engineering from Penn State University and has achieved the Acquia Grand Master certification.

Adam Bergstein