Drupal is one of the most secure open source CMS Systems and applications framworks - If you treat it well. If not it can be open(ed) for everyone. This session will show the most important best practices to keep Drupal sites secure in every stage of a project's lifecycle, which are: - Development (code) - Sitebuilding (configuration) - Hosting and Operation - Maintenance - Patch management As modern open source software, and Drupal in particular, is more and more based on other open source libraries this slides present a workflow and tools to establish continuous security for Drupal (and other library based open source software) with integration into development and QA processes.