Securing the Stack: Hardening Your Drupal Deployment

I'm happy to announce our next meetup is all about securing your Drupal websites. There's been a lot of media recently about big websites being compromised (Washington Post, CNN, Zuckerberg's Facebook page) so now's the perfect time to think about your own websites. This meetup is being hosted by Duo Security (@duosec (https://twitter.com/duosec)) and will include a presentation by Mark Stanislav, Security Evangelist for Duo Security. Additional info below...

--Alex

Presentation Overview

Running a blog or CMS-based web site is a big responsibility. For an organization, a single poorly secured web site can be the foothold an attacker needs to breach a network. If you run a small business, you could be putting your clients in danger. The challenges to add security to these deployments can often be confusing when trying to figure out what to secure and how to do it.

This talk will go over a number of security enhancements that most administrators can make in minutes that collectively can add some much needed security hardening to your typical Drupal deployment. Mark will provide insights into why certain steps are needed and the realities of not following the guidance being given from someone who has not only had to secure web sites for years, but also break into them for his job. If you run Drupal and care about keeping your clients or organization secure, you'll want to catch this talk!

About Mark Stanislav

Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development. Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. Mark also holds his CISSP, Security+, Linux+, and CCSK certifications. You can find more out about Mark as his personal web site ( http://www.uncompiled.com ) or via Twitter (@markstanislav (https://twitter.com/markstanislav)).