Security

As software engineers it’s our responsibility to incorporate cyber security best practices into the development cycle. In this presentation, I’ll provide a list of resources, best practices, tools and Drupal modules for designing and implementing a more secure Drupal web application and to prepare for penetration testing.

In this talk I’ll present the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts. There will be also a demo of the mentioned tools in action to implement a secure supply chain pipeline for your Drupal projects.