Drupal is a huge and complex piece of software, and as such it is prone to bugs, some of which are security related. A quick perusal of the the Drupal security announcments reveals that new security vulnerabilities are being fixed nearly every week. This means that virtually every Drupal site is vulnerable, and most are under near constant attack or attacker scrutiny. Understanding what motivates attackers to compromise Drupal sites can help you to better position your site to withstand, and recover from, an attack. This session will cover topics of best practices around securing your Drupal infrastructure as well as an examination of defensive techniques you can use to help identify and limit a successful intrusion. The session will cover a number of common threat scenarios along with solutions you can implement on your Drupal sites. Come hear about how an attacker might try and abuse your site, whether it be to spread malware, to trick users into visiting malicious sites, attempting to guess your administrative password, or simply sending spam, and how you can stop them.