10 Ways Drupal 8 Is More Secure

 

In a blog post published just before Drupal 8 was released, I talked about 10 ways Drupal 8 is more secure than past versions. During this talk I will go into more depth and background on those points and why they matter.

I will place each of the security improvements into the context of more general PHP web application security (such as which OWASP Top 10 vulnerability it relates to). I will also show some examples where Drupal 7 code had an exploitable vulnerability in the past that would be blocked by design in Drupal 8.

In addition, since I helped drive a number of the issues and implement changes both in Drupal and PHP itself, I will also spend a little time talking about how some these changes came about starting from seeing potential weaknesses in our PHP code to deciding what changes to implement.

 

Check out more about Peter Wolanin.