2nd - 4th March 2018

City, University London

Browser Wars 2018 - Implementing a Content Security Policy

Prerequisites

No prerequisites - I am pitching this session at anyone who has any responsibility for a website of any type: whether you are a project manager, site builder, designer or developer.


Session content

It used to be that browsers were something we fought against to get our site viewed the way we wanted; now they are our allies.

Far from being dumb proprietary clients that just parse our HTML the way they want, they have evolved into complex software applications. They provide powerful security controls to make decisions about what to display and debugging tools to enable us to investigate their actions.
By implementing a set of headers to be delivered alongside our web pages, we can now work with browsers to protect our site visitors from malicious content and control what is displayed and included on our pages.

In this session we will touch on what threats face our web pages out in the wild and what measures we can employ to protect them.
We will focus on implementing a Content Security Policy and will cover:

  • the initial investigation and building of a Content Security Policy (CSP);
  • implementation and observation of the CSP in the wild;
  • monitoring of the CSP once live;
  • evidence of its effectiveness (threats thwarted).

Hopefully attendees will be convinced as to why a CSP is invaluable and why projects should build in time and resources to implement one.

Author: George Boobyer

Skill level: Basic understanding

Track: Site Building

Keynote speakers

Ryan Szrama

Commerce Guys

Ryan got his start in web development through an online sales company based in Louisville, KY. It was there that he nursed Ubercart through its infancy to its use on over 20,000 websites as the Project Lead and community face of the project.

In 2009, Ryan co-founded Commerce Guys and eventually led the development of Drupal Commerce for Drupal 7. He grew the new project from its first full release at DrupalCon London to its use today on over 60,000 websites.

As of February 2016, Ryan acquired control of Commerce Guys and assumed leadership of the business with his time split between managing the company and contributing to its various open source projects.

Chris Teitzel

Lockr

Chris has been part of the Drupal community for 8 years and during that time has been fortunate enough to be involved in all aspects of the community. Originally part of the team supporting the Omega theme, he helped drive documentation and community support to lower the bar for theming in Drupal. He has since been involved in projects spanning the globe, working with all levels of business from top enterprises to startups and building everything from bootstrapped humanitarian tools based on SMS to airline ticketing systems built in Drupal Commerce. In recent years he has set his sights on security in Drupal, specifically data privacy and security, again to lower the bar for developers to adhere to best practices.

Baddý Sonja Breidert

1xINTERNET

Baddý Sonja Breidert (baddysonja) is the CEO and Co-Founder of 1xINTERNET, one of the largest Drupal web agencies in Germany. 1xINTERNET has offices in Germany and Spain and has clients all over Europe.

Baddý graduated with a B.Sc. in Computer Science from the University of Reykjavik in 2003 and after that completed her M.Sc. in Engineering Management from the Technical University in Vienna, where she today teaches Agile Project management and IT. She is also a European champion in Robotic Soccer, where she competed with her university in 2008.

Baddý has been very active in the Drupal community and has organised conferences and events both in Iceland and Germany. Currently she is one of the main organisers of Drupal Europe, which will take place in fall 2018.
