I was recently invited to give a presentation on my thoughts about security best practices for the Charlotte Craft CMS Developers Group. I ended up giving a high-level overview of what I believe are the most important things everyone must understand in order to build secure sites and software.
I kicked off the presentation with a recap of the results of a phishing experiment I did, starting at minute 00:55, as a follow-up to this article. Spoiler alert, I caught a phish!!
I then went on to present the following security best practices at minute 09:44, which is where the video below begins. To summarise:
- Don’t make yourself an easy target.
- Keep software updated.
- Put an automated process in place to catch issues early.
- Leave an audit trail.
- Run security drills.
- Perform user training.
For a more in-depth look at securing Craft CMS, watch the full meet-up presentation with Justin Holt and Nevin Lyne.