Showing posts from 2022

My takeaways from "The Pragmatic Guide to Defending Drupal"

These are my key takeaways from the DrupalSouth '22 talk "The Pragmatic Guide to Defending Drupal". It covered ways to defend Drupal from cyber attacks, but the advice can also be used in other stacks. The takeaways are categorised into the following environments:

- local dev - your day-to-day development environment
- pull request/deployment - the process of pushing your code to your repo
- hosting/prod environment - your production environment

Key takeaways

Have an incident response plan (local dev environment)

- Can be as simple as using your README.md file with the following headings
- If you look after multiple sites, use a central document or handbook for the organisation to refer to
- It tells owners what to do in case of an incident

Use a CDN (hosting/prod environment)

- Cloudflare, Fastly and Akamai were mentioned (I work with Cloudflare, it has many defense mechanisms)
- Amazon CloudFront - recommended if you are already hosting with AWS
- CDNs provide a way to mitigate the attack at the proxy