As software engineers it’s our responsibility to incorporate cyber security best practices into the development cycle. In this presentation, I’ll provide a list of resources, best practices, tools and Drupal modules for designing and implementing a more secure Drupal web application and to prepare for penetration testing.
In this talk I’ll present the current state of the software supply chain, the big recent global events (SolarWinds, Log4Shell, Codecov, Packagist), and the state of the PHP and Drupal ecosystem: the threats, the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation and automatic vulnerability scanning, and how to use them on real-world projects to gain unprecedented knowledge of your digital artifacts.
There will also be a demo of the mentioned tools in action to implement a secure supply chain pipeline for your Drupal projects.
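The pipeline the abstract describes has three stages: Syft generates an SBOM from the built artifact, Grype scans that SBOM and emits a JSON report, and a policy gate decides whether the build may proceed (Sigstore signing of the artifact and SBOM comes after a passing gate). The gate is the part teams most often leave out, so the following is an added example of one, written for this page and not part of the speaker's demo. It assumes Grype's `-o json` report shape (`matches[].vulnerability.{id,severity,fix}` and `matches[].artifact.{name,version}`), which you should check against your Grype version; the embedded report is constructed and its vulnerability IDs are placeholders, not real advisories. The `only_fixed` and `fail_on` knobs mirror the intent of Grype's own `--only-fixed` and `--fail-on` options, with an explicit allowlist for accepted risk so that exceptions are reviewable in source control rather than hidden in a CI flag.

```python
"""Supply-chain gate: consume a Grype JSON report and fail the pipeline when a
finding meets the policy. Added example, not code from the talk or from Grype."""
import json
import sys

# Grype severity labels, ranked so a threshold can be compared numerically.
SEVERITY_RANK = {"Negligible": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}
UNKNOWN_RANK = 2  # treat "Unknown" like Medium rather than ignoring it

# Constructed sample in the assumed `grype -o json` shape. IDs are placeholders.
SAMPLE_GRYPE_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical",
                           "fix": {"versions": ["10.1.8"], "state": "fixed"}},
         "artifact": {"name": "drupal/core", "version": "10.1.0", "type": "php-composer"}},
        {"vulnerability": {"id": "EXAMPLE-0002", "severity": "Medium",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "guzzlehttp/guzzle", "version": "7.5.0", "type": "php-composer"}},
        {"vulnerability": {"id": "EXAMPLE-0003", "severity": "High",
                           "fix": {"versions": [], "state": "wont-fix"}},
         "artifact": {"name": "symfony/http-kernel", "version": "6.3.0", "type": "php-composer"}},
    ]
})


def load_matches(report_json: str) -> list[dict]:
    """Parse the report text and return the list of matches (empty if none)."""
    return json.loads(report_json).get("matches", [])


def evaluate(report_json: str, fail_on: str = "High", allowlist: tuple = (),
             only_fixed: bool = True) -> tuple[list[dict], list[dict]]:
    """Split findings into (blocking, advisory) according to the policy.

    fail_on:    lowest severity that blocks the build.
    allowlist:  vulnerability IDs whose risk has been accepted; reported, never blocking.
    only_fixed: when True, a finding with no fixed version is advisory only, since
                the team cannot act on it by upgrading (mirrors grype --only-fixed).
    """
    threshold = SEVERITY_RANK[fail_on]
    blocking, advisory = [], []
    for match in load_matches(report_json):
        vuln, artifact = match["vulnerability"], match["artifact"]
        finding = {
            "id": vuln["id"],
            "severity": vuln.get("severity", "Unknown"),
            "package": f'{artifact["name"]}@{artifact["version"]}',
            "fixed_in": vuln.get("fix", {}).get("versions", []),
        }
        rank = SEVERITY_RANK.get(finding["severity"], UNKNOWN_RANK)
        if finding["id"] in allowlist:
            advisory.append(finding)  # accepted risk stays visible in the log
        elif rank >= threshold and (finding["fixed_in"] or not only_fixed):
            blocking.append(finding)
        else:
            advisory.append(finding)
    # Most severe first so the first line of CI output is the one to act on.
    blocking.sort(key=lambda f: SEVERITY_RANK.get(f["severity"], UNKNOWN_RANK), reverse=True)
    return blocking, advisory


def gate(report_json: str, **policy) -> int:
    """Print findings and return the process exit code (1 blocks the pipeline)."""
    blocking, advisory = evaluate(report_json, **policy)
    for f in blocking:
        fix = ", ".join(f["fixed_in"]) or "no fix"
        print(f'BLOCK {f["severity"]:<9} {f["id"]} {f["package"]} (fixed in: {fix})')
    for f in advisory:
        print(f'WARN  {f["severity"]:<9} {f["id"]} {f["package"]}')
    return 1 if blocking else 0


if __name__ == "__main__":
    # Usage in CI:  grype sbom:sbom.json -o json > report.json && python gate.py report.json
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GRYPE_JSON
    sys.exit(gate(report, allowlist=()))
```

Run against the embedded sample, the gate blocks only the Critical finding that has a fix available; the High finding with no fix is reported but does not fail the build, which is the trade-off `only_fixed` encodes. Set `only_fixed=False` if policy requires a documented mitigation for every High or above regardless of fix availability.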