This year, the event took place in Munich, Germany, and Oliver Hader, Benni Mack, and Torben Hansen from the Security Team represented TYPO3.
After a casual get-together with all participants the evening before the event, we spent two full days at Google Munich and the Information Security Hub (ISH) to learn about new and upcoming developments in web security.
There were many great presentations and lighting talks on web and security technologies, end-user security and data privacy, reducing injection potential, and isolation techniques for distributed requests.
Breakout sessions allowed participants to collaborate in unconference discussions on security-related topics:
- Rapid detection and fast response/prevention
- Security tools and APIs
- Automatic updates
- Standardized distribution of security bulletins
- Security release window coordination among projects
- Two-factor authentication as default for CMS developers and admins
- Better static code analysis tools that enable prevention
- Security signals / score in Chrome Dev Tools
- Funding security Improvements in CMSs
Great Initiative—Thanks Google!
For TYPO3, the event was a great success with much valuable input and fruitful discussions. It also brought attention to several topics we will work on to improve the security of TYPO3 and its ecosystem, such as enforcing SameSite cookies, extending static code analysis coverage and refining our process documentation.
We would like to say thanks to Google for organizing the event and to all participants for being active and passionate about improving security.
Proofreading: Mathias Bolt Lesniak