As hacking evolves, creating and maintaining a secure site becomes more challenging. In this session, we will use hands-on demos show you how hackers exploit vulnerabilities on a website. We’ll explore how to holistically approach web security as you build and maintain your website including what HTTPS does and doesn’t do on your site. Finally, we’ll explore some ways you can protect your site now and in the future.
Three Key Takeaways
Treat web security as important as SEO when building your website
Enabling HTTPS is not the same as website security, but it’s important for protecting your users
Protecting your website takes work, but there a few simple steps you can start with
Perhaps nothing is more frustrating to us as web professionals than developing than an awesome application that provides immediate benefits to our audiences and then waiting a year or more to make it available in production as we write documentation and work with the auditors on review and testing to ensure it is secure and obtain certification at enormous, additional and unbudgeted cost. What if we could simplify and accelerate compliance by automatically producing the documentation and verifying security as we develop the application with minimal additional effort or funds? This is possible through the concept of “infrastructure as code” especially when combined with the flexibility of cloud computing. This session will examine the idea of infrastructure as code and its practical application using applications built on Drupal and WordPress and tools together with infrastructure as code tools including Docker, Kubernetes, and Terraform and cloud computing systems including AWS and Azure.
Three Key Takeaways
Infrastructure as code is a transformational idea, simplifying the process of compliance while also enhancing security
Infrastructure as code can be implemented incrementally, with immediate benefits for security and cost
Infrastructure as code is naturally compatible with cloud computing, although it is not dependent on the cloud