Security

Autopsy of Vulnerabilities

Talk
Industry track
Ezequiel
Vazquez
Developer
Lullabot

Periodically, security releases are published to patch vulnerabilities and make our websites secure again, but do we know exactly how these vulnerabilities (and their exploits) work behind the scenes? How does the patch change our code, so the vulnerabilities are fixed and the risk mitigated?

3.02 hassium

Decentralized Dynamic Federation of Rocket.Chat Servers

Talk
Industry track
Gabriel
Engel
CEO
Rocket.Chat

Creating a collaboration and communication platform to service millions of global users conventionally requires the design and resources of a centralized and proprietary nature, managed by a single entity. Users either have to pay or trade privacy and security for the convenience and ubiquity of access. With recent theft and massive loss of user data across well-known social networks and other massive centralized public-facing platforms, th


2.02 chromium

Entity access for lists: A crucially missing piece of the puzzle

Talk
Industry track
Kristiaan
Van den Eynde
Senior Drupal developer
 

With Drupal 8, we received more powerful control over who can do what to a specific entity. The only downside is that this whole system does not apply at all to entity lists. The only exception is nodes (content), which still use the rather complex yet limited grants system. It's time we fix that and come up with a solution that works for all entities, all operations and still has decent performance.


3.02 hassium

Hackers automate but the Drupal Community still downloads updates on drupal.org or: Why we need to talk about Auto Updates

Talk
Industry track
Joe
Noll
CEO
Drop Guard
Hernani
Borges de Freitas
Technical Architect
 

This session will highlight these topics:

  • The current state of the Drupal community and their common update processes from a security point of view
  • What’s the Automatic Update Initiative discussion about?
  • Auto Updates in Drupal - future case discussion


spectrum A

Let's write secure Drupal code!

Talk
Industry track
Balazs Janos
Tatar
Technical Project Manager, Security researcher
European Commission

In my session I'll show the most common vulnerabilities that our Drupal code can have and how we should be prepared to avoid such insecure code being released. The presentation covers trends in vulnerabilities, starting with general aspects, then showing Drupal-specific ones. I'll also speak about what we should do if we find any vulnerabilities in contributed solutions.

2.07 aurum

Open source software at European Commission's IT department

Talk
Industry track
Marek
Przybyszewski
Information Systems Architect
European Commission, DIGIT
Chrysanthi
Giortsou
Deputy Head of Unit
European Commission, DIGIT

This talk will present the use of open source software at the European Commission as well as dive into the EU-FOSSA initiative.

2.03 vanadium

Responsible disclosure, cross-project collaboration, and Drupal 8 security

Talk
Industry track
Jess
(xjm)
Code and Community Strategist
Acquia

The Drupal project has been following a responsible disclosure model for more than 12 years. As Drupal has grown from a few thousand installs to more than 1 million, and as the number of contributed projects on Drupal.org has grown from tens to tens of thousands, the Drupal Security Team has continually evolved our processes to scale our security coverage.


spectrum A

SIWECOS - CMS security sponsored by the German government

Talk
Industry track
David
Jardin
Joomla Security-Team Lead
Joomla
CMS Garden e. V.

Open source CMSs like Drupal, WordPress or Joomla are extremely popular targets for all sorts of attacks. Most of them are available 24/7 and hosted on powerful machines, making them very valuable tools for further attacks once compromised. In this session I want to tell you about SIWECOS, a project funded by the German ministry of economics that wants to improve the security of CMS-based websites.


spectrum A

The OpenEuropa Initiative

Talk
Industry track
Antonio
De Marco
Director
Nuvole Web
Jean-François
Hovinne
Owner
Cleverway
Hernani
Borges de Freitas
Technical Architect
 

During this session, we will present the OpenEuropa Initiative, the Open Source components that you can already use in your projects, and the (micro)Service Oriented Architecture and Technical Governance that drive the design and development of these components.

spectrum A

Willy Wonka and the Secure Container Factory

Talk
Industry track
Mr
Dave
Hall
Managing Director
Dave Hall Consulting

Hold your breath, make a wish
Count to three

Come with me and you'll be
In a world of pure implementation
Take a look and you'll see into your pipeline
We'll begin with a spin
Securing containers of your creation
What we'll see will have lots of explanation


spectrum A

With Great Power, Comes Great Responsibility

Talk
Industry track
Chris
Teitzel
Founder / CEO
Lockr

As developers, we are capable of many amazing feats. We can create experiences that touch the lives of millions, bring aid to the corners of the world, empower new businesses and bring a voice to the voiceless. However, with this capability, we must also take on the responsibility for the people, and data, we interact with.

 


2.04 titanium
