Knowing security best practices only gets a team so far. They have to implement them too. This session will cover the security risks that a web development team faces and the underlying reasons why risks can go unaddressed. Ultimately, there are no excuses for leaving your web projects exposed to known vulnerabilities. This session will cover common security concerns for Drupal and the root problems a team needs to solve in order to mitigate these risks.
We will cover:
- Three layers of web security, from the perspective of Drupal: Platform-level (e.g. Linux), Application-level (e.g. Drupal), and Organizational-level (e.g. procedures)
- Familiarity with your hosting platform’s security-related practices.
- Overview of common vulnerabilities in web applications (XSS, CSRF, HTTP vs HTTPS, etc.)
- Understanding how security concerns are handled for core and contrib.
- Clarifying support responsibilities and procedures so that security fixes are applied quickly.
Attendees who build and/or manage Drupal sites will gain the most from the session. Attendees will leave with a complete picture of website security and concrete recommendations for how to improve the security of the sites they manage. It will cover recommendations for Drupal 7 and Drupal 8.
Many of the topics that will be covered are in my Understanding and Implementing Website Security blog post series at https://pantheon.io/blog/understanding-and-implementing-website-security-part-1-you-are-target
This presentation was given to a group of SFS students at GW. It's designed to be semi-case study driven on the problems I've encountered on assessments and how programming can help solve them.
TSC Summit #4 - Howto get browser persistence and remote execution (JS) by Mikal Villa
A simple PoC showing how insecure random HTTP proxies are, and how easily you can trick people into traps.
Disclaimer: No data collected under the PoC was saved after the presentation, and everything was removed from the user browsers without any harm or stealing of information or any criminal activity at all.
How Drupal 8 Reaches Its Full Potential on Pantheon by Pantheon
Join Pantheon co-founders David Strauss and Matt Cheney to learn everything you need to know about what Drupal 8 has to offer, and why Pantheon is the best place to run Drupal 8.
Drupal Performance Census - BADCamp 2016 by Josh Koenig
"I've seen things you wouldn't believe," but every wise developer knows there's no shame in the performance game. The only way to learn is by doing.
This year we implemented New Relic's Pro-level APM service across thousands of websites. With access to the details of their performance at scale we can learn truths with statistical significance. Here are our early findings.
This is available on video here: https://2016.badcamp.net/session/drupal-performance-census-lessons-over-2500-sites
The way people experience the web will see dramatic change in response to new tools, expectations and constraints in the coming years. This session will highlight some major forces shaping our medium and lead us in thinking about how we should expect to evolve what we deliver in light of changes in hardware, mobile, wearable, data, and software among others. We will look to parallels in architecture, aircraft and other technologies and suggest future trends that will evolve.
Attendees will gain a better understanding of the changing nature of our environment and the impact of all of these forces. Attendees will leave ready to make their own decisions about how best to embrace these forces in their own work.
This would be the first step in starting your own hosting company. You need a domain name that reflects the services offered by your company, to whom they are offered and who your end customer is. You need to make sure that your company name or domain name does not match that of any other company, as copyright issues might arise. You may select a domain name depending upon the geographic area you are targeting. You can register a country-level TLD, for example a .co.uk domain if your target business area is the UK, or .co.in if it's India.
Visit us for more information http://www.drupalhostingguide.com/
This is a presentation that a UD colleague and I did at Villanova on March 30, 2009. We were asked to share our strategies and challenges in implementing Drupal as a campus-wide IT-hosted service.
Drupal Site Hosting and Management: Acquia Case Studies from the Frontlines by Acquia
It takes most hosting companies weeks or months to roll out, configure and tweak all the servers required to host high-traffic sites. During this Webinar we explore several use case scenarios describing typical customer challenges and the Acquia hosting and management solution delivered. Specific examples will include Mother Jones, NY State Senate, ForeignPolicy.com, and a large global PR firm and will describe how Acquia quickly addressed these typical Drupal enterprise site challenges.
Join Pantheon co-founder Josh Koenig to learn about decoupled WordPress: what it is, the benefits and pitfalls, and how to approach a decoupled project. Koenig will walk through a decoupled build using the WP-API, and registrants can ask questions after the session.
Continuous Integration Is for Teams: Moving past buzzword driven development by Pantheon
This webinar will go past the tooling hype and look at the benefits of Continuous Integration for developers, project managers, and clients. Ultimately a successful Continuous Integration practice makes a team work faster, safer, and more predictably.
A fast website is a good website, but making a website fast takes work. This session of couch coding will discuss the tips & tricks necessary to build the feeds & speeds into your website to make it soar.
Why Your Site is Slow: Performance Answers for Your Clients by Pantheon
Surface-level technical issues like slow queries and redundant JavaScript files are often blamed when a site is slow, although there are numerous factors that can affect performance. In practice, web teams need to ask “why” repeatedly in order to get to the root cause. This presentation will dive into the many answers to this question and look for the root causes of slow sites.
Scaling Drupal in AWS Using AutoScaling, Cloudformation, RDS and more by Dropsolid
Given at DrupalJam 2015 - Netherlands.
This presentation explains some of the fundamental issues you have to overcome when designing software for distributed systems that can fail. Also called "Cloud" in other terminologies. The presentation uses AWS components to explain these fundamentals and uses Drupal as the example application. The example is by no means perfect, but gives you a good idea how to design your system from scratch.
Technologies used:
- Cloudformation
- EC2 Instances
- RDS MySQL Database
- Elastic Load Balancer
- ElastiCache (Memcache)
Example can be found here:
https://gist.github.com/nickveenhof/601c5dc1b76ff26896bf
Take note that the example does not include components such as VPC for simplicity, but it is highly recommended to add this.
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P... by Pantheon
Greg Anderson's slide deck from BADCamp 2016.
Having a fine-tuned continuous integration environment is extremely valuable, even for small projects. Today, there is a wide variety of standalone projects and online Software-As-A-Service offerings that can super-streamline your everyday development tasks that can help you get your projects up and running like a pro. In this session, we'll look at how you can get the most out of:
- GitHub source code repository
- Packagist package manager for Composer
- Travis CI continuous integration service
- Coveralls code coverage service
- Scrutinizer static analysis service
- Box2 phar builder
- PhpDocumentor api documentation generator
- ReadTheDocs online documentation reader service
- Composer scripts and projects for running local tests and builds
Amazon Web Services Building Blocks for Drupal Applications and Hosting by Acquia
Cloud computing offers many advantages and challenges for hosting Drupal sites. Acquia Hosting is a highly available cloud-based hosting platform tuned for Drupal performance and scalability. Acquia Hosting, built on Amazon Web Services (AWS), takes advantage of an industry-leading cloud-computing platform to provide the highest levels of security, fault-tolerance and operational controls possible in the cloud. This Webinar, featuring Barry Jaspan, Senior Architect at Acquia, and Jeff Barr, Senior Evangelist at Amazon Web Services, discusses how Amazon's Web Services can help Drupal site developers and managers solve common but vexing problems, including scaling. The Elastic Compute Cloud (EC2) components will be discussed in detail.
In addition we will discuss specific best practices for:
* Creating a high-performance, high-availability Drupal tuned hosting environment on AWS
* Load balancing: Elastic IP vs. Elastic Load Balancing
* Handling user-uploaded files with multiple web nodes
* Achieving true high-availability with multiple availability zones
* Choosing between Amazon Relational Database Service and building it yourself
* Configuring and managing your cloud servers
Getting Started With Jenkins And Drupal by Philip Norton
Jenkins is a really powerful tool for automating things like code analysis, testing and even deployment. Getting started with Jenkins, especially with Drupal, is a challenge and can be quite difficult for a beginner to the system. In this session I'll show you how to install Jenkins, how to configure things like authentication and then how to do some interesting things with the tool. I'll show some real life examples of things that can be done with the tool on your Drupal sites to do things like run cron jobs, syntax check the code or even automatically copying code to your web servers.
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More by Pantheon
Automating workflows has been a priority of many development teams in recent years. The more your team can automate their work and integrate the different tools they use, the more they can accomplish. In an effort to facilitate automation, Pantheon recently released Cloud Integration Tools, allowing developers to integrate their daily workflows with their favorite apps and services, both inbound and outbound, as well as unify login across services.
Why Drupal 8 Is a Game Changer for Higher Education by Acquia
Want to learn more about Acquia’s products, services, and happenings in the Drupal Community? Visit our site: http://bit.ly/yLaHO5.
In today’s rapidly changing education landscape, having a digital platform that can adapt to support your institution’s strategic initiatives is absolutely a key business requirement. Drupal is the most widely used content management system in higher education. It has provided schools with the foundation they need to quickly respond to the digital needs of their audiences and innovate faster than the competition. The future of Drupal is more exciting than ever with Drupal 8 being readied for general release by the Drupal community. Drupal 8 is the most powerful Drupal release yet with new capabilities not just for developers, but content authors, digital marketers, site builders and designers as well. From its mobile-first approach to its out-of-the-box feature set, Drupal 8 can give higher education a definite edge.
Acquia, the leading provider of Drupal support and infrastructure to the higher education industry, recently announced full commercial support for Drupal 8. In this webinar we’ll learn what the future of Drupal means for higher education and how Acquia can help your school take advantage of it.
In this webinar, you’ll hear:
- Why Drupal 8 is better than Drupal 6 and 7
- The reason Drupal 8 is a great fit for higher education
- What the learning curve is when moving to Drupal 8
- How Acquia can help schools evaluate and move
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a pen tester's game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.
Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays by Demi Ben-Ari
To defend against attacks, think like a hacker. But does that mean you need to be a DevOps expert? Security researchers today need to discover new attack techniques. However, much of their focus is diverted to backend coding. We share how to build an infrastructure for researchers that allows them to concentrate on business logic and writing hacker “tasks”. Using Docker and Kubernetes on Google Cloud, these tasks can then be performed in parallel and without a lot of DevOps hassle. Our technique removes two common barriers: first, long and risky deployment processes and second, low transparency within the production system.
Promise to share the stupid things too.
Simplifying Security: Protecting Your Clients and Your Company by Drew Gorton
Do you have the answers to your client's security questions? Do you know what questions you should be asking your clients to assess their security risk? During this session we’ll walk through how to have the “security conversation” with your clients, build a team and a process that gives you the confidence to take on larger and more complex projects which bring in additional revenue. Your reputation as an agency (and your client’s business) rely on a safe and secure site. By knowing the common pitfalls you can help navigate the treacherous waters of web security and lead your team to success and happy clients along the way.
Deploying your Drupal site, Upgrading your Drupal Site, Scaling, Clustering and Monitoring it ... all topics Developers are often not involved with ...
Devops For Drupal explains the Devops problem to a Drupal audience.
How to make the agile team work with security requirements? Getting secure coding practices into agile development is often hard work. A security functional requirement might be included in the sprint, but getting secure testing, secure architecture and feedback from security incidents working is not an easy task for many agile teams. In my role as Scrum Master and security consultant I have developed a recipe of 7 steps that I will present to you, in which we will talk about agile secure development, agile threat modelling, agile security testing and agile workflows with security. Many of the steps can be done without costly tools, and I will present open source alternatives for all steps. This is to make a test easier and to get a lower startup for your team's security process.
Blockade.io: One Click Browser Defense by RiskIQ, Inc.
When thinking of modern attacks, the web browser is still one of the top delivery vehicles. Whether it’s displaying an email or facilitating a link-redirection or merely serving a web page, browsers aid in the attack process. Despite their popularity, many companies focus their efforts defending the operating system, inspecting the network or attempting to keep up with threats through delivered feeds.
In order for any tool to gain adoption, it not only has to be useful, but also needs to easily fit into a user’s workflow. Using native browser interfaces, we’ve created a set of open source browser extensions that not only detect malicious activity, but block it entirely. More importantly, this functionality is delivered in a one-click package and doesn’t require any technical knowledge in order to successfully function. Users are able to take advantage of hosted repositories of data or run their own data node and updates are automatic.
This presentation will introduce the browser extension details, highlight how they function and inform users how they could take advantage of this functionality in their organization. No security solution is perfect, but bringing blocking capabilities to the browser without requiring any user change guarantees even the least technical of users can be protected. Originally developed with non-profit and smaller businesses in mind, these security browser extensions can bring peace of mind to any size organization, free of charge.
Not my problem - Delegating responsibility to infrastructure by Yshay Yaacobi
Slides for my talk, which appeared at Code-Europe Poznan, 12.06.2018
(https://www.codeeurope.pl/en/speakers/yshay-yaacobi)
https://github.com/yshayy/not-my-problem-talk
https://github.com/Yshayy/not-my-problem-talk/blob/master/slides/demo.md
NJEdgeCon2018-Automating-Package-Management-in-Windows-with-Chocolatey by Dan Franciscus
In this presentation I go over the various features of Chocolatey and how it can help automate package management in an organization. I also go over milestones in the implementation at IAS.
Understanding Marketing: DrupalCon Global 2020 by Drew Gorton
Marketers are an increasingly important audience for Drupal. Come to this session to learn what our Marketing colleagues do, what they care about and how they measure success. You will leave this session better equipped to communicate your work and value to Marketing professionals.
Drupalers Guide to Marketing: DrupalCon Seattle by Drew Gorton
Those of us planning, designing, building or supporting Drupal for others are increasingly working for people who see that work through the lens of Marketing. This session will start by looking at the big picture of what's happening in the web market (Wix, WordPress, Sitecore, etc.), where Drupal fits today and how that evolution involves marketing professionals. Put another way, if Drupal is becoming the tool for Ambitious Digital Experiences, those experiences are paid for by Marketing budgets.
If you’ve come to Drupal via tech ("Come for the code" as we like to say) you might not have an intuitive grasp of the language and concerns of marketing professionals. This session will explain what Marketers do (it’s different than Sales!), how they do it and what matters to them. Come to this session for an overview of Drupal in the web market, a primer on marketing terms (MQLs, CTAs, Funnels, ...), marketing needs (NNN, CTR, Conversions, …) and competing marketing technologies (there are zillions!).
You will leave this session with a better understanding why marketers matter to Drupal professionals, what motivates our marketing colleagues, what they care about and how to make your work more relevant and valuable to them.
Learning Objectives & Outcomes
Come to this session for a primer on marketing terms (MQLs, CTAs, Funnels, ...), marketing needs (NNN, CTR, Conversions, …) and competing marketing technologies (there are zillions!). We’ll start with the big picture and dive down into how things fit together and why they matter.
Marketing for Drupalers - Drupal Europe by Drew Gorton
Marketers are an important audience for Drupal professionals. Learn why marketers matter, what motivates our marketing colleagues, what they care about and how to make your work more relevant and valuable to them.
Description
Those of us planning, designing, building or supporting Drupal for others are increasingly working for people who see that work through the lens of Marketing. This session will start by looking at the big picture of what's happening in the web market (Wix, WordPress, Sitecore, etc.), where Drupal fits today and how that evolution involves Marketing professionals. Put another way, if Drupal is becoming the tool for Ambitious Digital Experiences, those experiences are paid for by Marketing budgets.
The way people experience the web will see dramatic change in response to new tools, expectations and constraints in the coming years. This session will highlight some major forces shaping our medium and lead us in thinking about how we should expect to evolve what we deliver in light of changes in hardware, mobile, wearable, data, and software among others. We will look to parallels in architecture, aircraft and other technologies and suggest future trends that will evolve.
Attendees will gain a better understanding of the changing nature of our environment and the impact of all of these forces. The session is appropriate for anyone working in this field who is interested in what the future may bring. Attendees will leave ready to make their own decisions about how best to embrace these forces in their own work.
Word Press at Scale - WordCamp Minneapolis (Drew Gorton)
A single WordPress can push hundreds of millions of pageviews a month; it can serve tens of thousands of concurrent logged-in users; and it can be lightning-fast the whole time. It is known. The question is not whether WordPress itself can scale, but whether or not your implementation is ready.
Topics covered include:
Page Caching
Object Caching
Query Performance
Algorithm Performance
Searching for Scale
A Real-World Scalable Architecture
Elastic Architecture
Development and Workflow
Understanding and Implementing Website Security (Drew Gorton)
Knowing security best practices only gets a team so far. They have to implement them too. This session will cover the security risks that a web development team faces and the underlying reasons why risks can go unaddressed. Ultimately, there are no excuses for leaving your web projects exposed to known vulnerabilities. This session will cover common security concerns for Drupal and the root problems a team needs to solve in order to mitigate these risks.
Points of discussion will include:
Three layers of web security, from the perspective of Drupal: Platform-level (e.g. Linux), Application-level (e.g. Drupal), and Organizational-level (e.g. procedures)
Familiarity with your hosting platform’s security-related practices.
Overview of common vulnerabilities in web applications (XSS, CSRF, HTTP vs HTTPS, etc.)
Understanding how security concerns are handled for core and contrib.
Clarifying support responsibilities and procedures so that security fixes are applied quickly.
This session is for people who are relatively new to Drupal and would like an orientation (or refresher) on the concepts, jargon and community involved in learning Drupal.
We’ll introduce All the Big Things at a basic level. Attendees will come away familiar with the Drupal landscape and with recommendations for specific sessions to attend to dive deeper into key concepts and particular topics.
Topics specifically covered include:
Drupal from 50,000 Feet
Drupal's Worldview
Drupal's Terminology (Content types, Nodes, Views, Modules, Blocks, etc.)
Brief Orientation to Drupal Core
Brief Orientation to Drupal Add-ons (Modules, Themes, etc.)
Common Workflows for Site Builders and Editors
Brief Orientation to the Drupal Community
Getting Help with Drupal
There will also be lots of time for Questions and Answers!
From Drupal Corn 2015.
http://2015.drupalcorn.org/sessions/welcome-drupal
10 Lessons Learned as a Drupal Entrepreneur (Drew Gorton)
Drew founded Gorton Studios almost 15 years ago. His journey has included building an amazing team, doing great client work for amazing organizations (Guthrie Theater, United Nations, Southern Poverty Law Center and many, many others), the development of a SAAS product (NodeSquirrel) and, most recently, selling NodeSquirrel and moving to Pantheon.
Through that time, there have been many lessons learned. Drew will share 10 of the most important ones he's learned and why he thinks they're important for anyone running a business, thinking about starting out on their own or otherwise ready to take on the world. (You can!)
Originally given at BadCamp 2012:
http://2012.badcamp.net/program/sessions/responsive-html-email-and-drupal
This session will cover the case-study of an organization's weekly e-newsletter template re-design, the steps taken to optimize it for mobile, and the testing it took to ensure it looks good across a range of email clients.
We will also cover the developer's steps to take an organization's email template, integrate it into a Drupal website, and build a mechanism that can generate a newsletter based on content.
The end-results are a more effective, faster-to-produce, less error-prone newsletter.
If you self-identify as Not Technical, this session is for you. This session will start with a very big-picture, plain-English review of how Drupal thinks and move from there to a discussion of pros and cons for using Drupal. Come ready to share your questions and insights from the real world. Drupal is a tool and it’s only successful if it works for you. Don’t be shy about not being technical. Be proud!
1.Wireless Communication System_Wireless communication is a broad term that i... (JeyaPerumal1)
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 (APNIC)
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx (Brad Spiegel Macon GA)
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
2. Pantheon.io
Hi, I’m Drew Gorton
● Director of Agency and Community Outreach, Pantheon
● Founder, Gorton Studios (2001)
● Co-founder, NodeSquirrel (2012)
● Drupal 4.4 (~2004)
● Drupal Twin Cities
● @dgorton
● drew@pantheon.io
3. Web CMS is Risky
The Elephant in the Room
● Web Content Management is inherently dangerous
● Connected to the internet
● Edited via the internet
4. Data Breaches
Have Become Commonplace
● http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
5. I’m So Tiny!
Surely not me?
● You are a target
● You have:
Computing power
Access to nearby systems
Visitors with vulnerable browsers
Information
PII? Transactions? Donations?
● Robots don’t care
6. Website Security
Is Not Binary
● Not On or Off
● “Is my website secure?” not a Yes / No question
https://flic.kr/p/h4TA84
7. Website Security
Lessons from the Real World
Safe Ratings
● Time (5 mins, 30 mins, …)
● Tools (hammer, drill, power, …)
● People (skill, number, …)
https://flic.kr/p/5GPgE1
8. Website Security
Is a Continuum
● Perfect security is a myth
● There will always be gaps
● Be prepared
9. Today’s Goals
Our Agenda
● Understand Landscape
● Have Fewer, Smaller Gaps
● Better Preparedness
● Looking at Layers of Security
https://flic.kr/p/5d4nKx
10. Our Layers
Drupal is Just One Piece
● Platform
Linux, Apache, MySQL, PHP …
● Application
Drupal, WordPress…
● Organizational
Habits, procedures, planning…
https://flic.kr/p/dp3nGo
17. Choose Hosts Wisely
How did you handle Heartbleed?
How did you handle DrupalGeddon?
18. Application Layer
Security in Drupal
● Configuration
● Modules
● Security Team and Procedures
● Coding Best Practices
https://flic.kr/p/9Vx4ra
19. Flexibility
Drupal’s Great Strength and Weakness
● (Mis) Configuration
● True or False?
● You can configure Drupal so that
Anonymous Users can ____
Upload images
Change files
Edit the homepage
Turn on modules
Change themes
https://flic.kr/p/nze5Em
20. Secure Configuration
The Most Important Thing You Can Do
● Secure User 1
No simple passwords
Don’t share passwords across sites
Doesn’t have to be ‘admin’
● Permissions & Roles
Administer * is powerful
Administer filters can pwn site
● No PHP (!!!)
● Update module
Wednesdays are security releases
Turn it on. Get the notifications. Do them
https://flic.kr/p/5pGcyx
25. Secure Coding
Best Practices
● JavaScript to run browser actions
● Up to 64% of websites vulnerable
● Everything you can do, XSS can do better
● Use Filters! check_url(), check_plain(), filter_xss(), filter_xss_admin(), check_markup()
● t() function
● https://www.drupal.org/node/28984
https://flic.kr/p/5ALBHy
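The filters listed on slide 25 correspond to different output contexts: text placed in HTML and URLs placed in an href need different handling. The standalone PHP below is an added example, not code from the slides or from Drupal; demo_plain() and demo_url() are hypothetical stand-ins for the kind of filtering check_plain() and check_url() perform, and the input strings are constructed.

```php
<?php
// Added example: context-specific output escaping with stand-in helpers.
// demo_plain() and demo_url() are hypothetical names, not Drupal's functions.

// Text context: encode HTML metacharacters so markup is displayed, not parsed.
function demo_plain(string $text): string {
  return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL context: allow only known schemes (or relative URLs), then encode.
function demo_url(string $url, array $allowed = ['http', 'https', 'mailto']): string {
  // Browsers ignore tabs, newlines and control characters inside a scheme,
  // so remove them before looking at what the scheme really is.
  $clean = (string) preg_replace('/[\x00-\x20]+/', '', $url);
  if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)) {
    if (!in_array(strtolower($m[1]), $allowed, true)) {
      return '#';  // drop the whole URL rather than try to repair it
    }
  }
  return demo_plain($clean);
}

// Constructed untrusted input, as it might arrive from a comment form.
$name  = '<script>alert(1)</script>';
$links = ['https://example.org/?a=1&b=2', "java\tscript:alert(1)", '/node/1'];

// Vulnerable: input is concatenated into the page unchanged.
echo '<p>Hello ' . $name . '</p>', PHP_EOL;
// Hardened: same template, escaped for the HTML text context.
echo '<p>Hello ' . demo_plain($name) . '</p>', PHP_EOL;

foreach ($links as $link) {
  // HTML-escaping alone would leave a javascript: URL intact; the href also
  // needs the scheme check. The link text is only ever treated as text.
  echo '<a href="' . demo_url($link) . '">' . demo_plain($link) . '</a>', PHP_EOL;
}
```

In a Drupal 7 theme or module the page's own functions would be called instead of these stand-ins, choosing the filter by where the value lands in the output.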
26. Secure Coding
Best Practices
● Actions on another site
● <a href="http://bank.com/xfer.do?acct=123&amt=10000">View my Pictures!</a>
● Forms API, drupal_get_token(), drupal_valid_token()
● https://www.drupal.org/node/178896
https://flic.kr/p/bSkp8r
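The link on slide 26 triggers an action on another site using the visitor's existing session; a token bound to that session, which the other site cannot compute, lets the server reject it. The standalone PHP below is an added example, not Drupal's implementation: demo_get_token() and demo_valid_token() are hypothetical stand-ins for the role drupal_get_token() and drupal_valid_token() play, and the key, session ids and action names are constructed.

```php
<?php
// Added example: per-session, per-action request token (not Drupal's code).
// The key and session ids are constructed values for the demonstration.
const SITE_PRIVATE_KEY = 'constructed-demo-key-do-not-reuse';

// Derive a token bound to the visitor's session and to one specific action.
function demo_get_token(string $session_id, string $action): string {
  $mac = hash_hmac('sha256', $action, $session_id . SITE_PRIVATE_KEY, true);
  // URL-safe base64 so the token can travel in a query string or hidden field.
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

// Compare the submitted token with the expected one in constant time.
function demo_valid_token(string $session_id, string $action, ?string $submitted): bool {
  if ($submitted === null || $submitted === '') {
    return false;
  }
  return hash_equals(demo_get_token($session_id, $action), $submitted);
}

// Handler for a state-changing request such as the transfer link on the slide.
function handle_transfer(string $session_id, array $query): string {
  if (!demo_valid_token($session_id, 'transfer', $query['token'] ?? null)) {
    return '403 Forbidden: missing or invalid token';
  }
  return sprintf('200 OK: moved %d from account %s', $query['amt'], $query['acct']);
}

$session = 'sess-constructed-4f2a';        // the logged-in visitor's session id
$base    = ['acct' => '123', 'amt' => 10000];

// 1. Request caused by a link on another site: the session cookie is sent,
//    but no token accompanies it, so the request is refused.
echo handle_transfer($session, $base), PHP_EOL;
// 2. Request built by the site itself for this session carries a valid token.
echo handle_transfer($session, $base + ['token' => demo_get_token($session, 'transfer')]), PHP_EOL;
// 3. Tokens issued for another action or another session are refused.
echo handle_transfer($session, $base + ['token' => demo_get_token($session, 'delete')]), PHP_EOL;
echo handle_transfer($session, $base + ['token' => demo_get_token('sess-other', 'transfer')]), PHP_EOL;
```

Forms built with Drupal's Forms API carry such a token for logged-in users automatically; explicit token calls are needed for action links and custom callbacks outside that API.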
29. Secure Code Management
Take care of your code
● Use Version Control Software (VCS) like Git
● Sanitize Data on transfer - drushcommands.com/drush-8x/sql/sql-sanitize
● Secure your Keys - https://lockr.io
https://flic.kr/p/9BkXKV
30. Secure Support
Take care of your clients
● Catalog your sites
● Wednesdays - be ready
● Who is responsible?
● Who helps them?
● How do they escalate?
● Emergency Procedures
● Run the drill!
https://flic.kr/p/rEwbwL
31. In Summary
● Use a secure (reliable, performant) Drupal host
● Configure Drupal carefully
● Use Security-enhancing Drupal modules
● Follow Drupal coding best practices
● Use secure communications (HTTPS, SFTP, …)
● Have secure code management habits
● Have clear support practices and procedures