Thanks for coming to Drupalcamp London 2017.

Web site insecurity - How your CMS site will get hacked and how to prevent it.

Track: Community & Business | Skill level: Intermediate

Public-facing web sites are constantly under attack, and keeping websites protected is an arms race. The news regularly carries stories of high-profile data breaches and online security incidents. Many of these attacks have common characteristics, and fortunately there are established countermeasures and best practices that are simple to implement and effective in mitigating common threats.

Security rarely gets a look-in at the specification and budget allocation stages of delivering a web site, or at best is an afterthought. Yet everyone has an expectation of security and QoS that implies it is central to every project. So either some poor sucker is having sleepless nights, it is considered to be the domain of the hosting company, or everyone on the project has their head in the sand.

Security considerations should pervade all stages of a project, from initial specification, through development and testing, to ongoing hosting and maintenance.

In this session I will cover:

  • Common threats to web security, with real-world case studies of compromised sites,
  • A 'dissection' of a typical common exploit tool and how it operates,
  • Simple approaches to mitigating common threats/vulnerabilities,
  • Defence in depth – an overview of the various components of web security,
  • Drupal-specific measures that standard penetration testing often does not account for,
  • An overview of how to benefit from:
    • Security monitoring and log analysis
    • Intrusion Detection Systems & Firewalls
    • Security headers and Content Security Policies (CSP).

The presentation is aimed at all levels of Drupal knowledge and at anyone responsible for any stage in the delivery of information over the web, regardless of whether they are the client, project manager, developer or content editor.

Attendees do not require specialist knowledge. They will get an insight into how 'hackers' operate, how frequently attempts are made and the various modes of attacking CMS sites, review some real-world examples and see how countermeasures can be put in place.

Attendees will take home:

  • that malicious attacks are a fact of life and can't be ignored,
  • that security is not a 'one-off' but an ongoing responsibility,
  • that security best practices shouldn't be intimidating and are readily achievable.

and hopefully will be inspired to put in place measures such as robust intrusion prevention and Content Security Policies for the websites they manage.
