Knowing security best practices only gets a team so far. They have to implement them too. This session will cover the security risks that a web development team faces and the underlying reasons why risks can go unaddressed. Ultimately, there are no excuses for leaving your web projects exposed to known vulnerabilities. This session will cover common security concerns for Drupal and the root problems a team needs to solve in order to mitigate these risks.

Points of discussion will include:

• Three layers of web security, from the perspective of Drupal: Platform-level (e.g. Linux), Application-level (e.g. Drupal), and Organizational-level (e.g. procedures)
• Familiarity with your hosting platform’s security-related practices. 
• Overview of common vulnerabilities in web applications (XSS, CSRF, HTTP vs HTTPS, etc.)
• Understanding how security concerns are handled for core and contrib.
• Clarifying support responsibilities and procedures so that security fixes are applied quickly.