Web Security: Clue!


  • Michael Hess

Become a web security detective and join us as we look at some cases of compromised websites drawn from real-life events. We'll cover four "tales" of hacked sites, from uncovering the hack, to tracking down the root cause, to mitigating the problem. You'll learn techniques for trouble-shooting hacked sites and increase your awareness of common attacks.

This presentation is offered by members of the Drupal Security Team, a global team responsible for the security of the Drupal open-source content management platform.


We aim to make web security more engaging by inviting session participants to use their creative problem-solving abilities to learn how to track down the causes of common website hacks. We'll also cover security issues unique to the Drupal content management system, a platform used by hundreds of major universities including Stanford, Harvard and UC-Berkeley. Websites in higher education need to be especially cognizant of web security when FERPA-protected information may be at stake. While web security can be intimidating to beginners — including early-career web developers — it's not difficult to maintain a secure Drupal website.


We'll use storytelling to engage the imaginations of session participants, as well as live audience polling to collect input and feedback. We'll end the session with an interactive discussion and a freebie or two.


Participants will:
1. Learn about how websites are commonly compromised.
2. Understand basic steps they can take to prevent their own environments from being compromised. 3. Engage in a discussion of web security best practices.

Who Should Attend

  • Back-end Developers
  • Content Editors
  • Front-end Developers
  • Project Managers
  • Site Builders
  • Sys Admins