Report: Google CMS Security Summit 2020 in Munich

Categories: Development, TYPO3 CMS
Created by Torben Hansen & Oliver Hader

The CMS Security Summit is an annual, invitation-only event organized by Google, where CMS Security team leads share knowledge with industry colleagues to make CMS systems and the web more secure.

This year, the event took place in Munich, Germany, and Oliver Hader, Benni Mack, and Torben Hansen from the Security Team represented TYPO3.

After a casual get-together with all participants the evening before the event, we spent two full days at Google Munich and the Information Security Hub (ISH) to learn about new and upcoming developments in web security.

Security Technology

There were many great presentations and lightning talks on web and security technologies, end-user security and data privacy, reducing injection potential, and isolation techniques for distributed requests.

Breakout Sessions

Breakout sessions allowed participants to collaborate in unconference discussions on security-related topics:

  • Rapid detection and fast response/prevention
  • Security tools and APIs
  • Automatic updates
  • Standardized distribution of security bulletins
  • Security release window coordination among projects
  • Two-factor authentication as default for CMS developers and admins
  • Better static code analysis tools that enable prevention
  • Security signals / score in Chrome Dev Tools
  • Funding security improvements in CMSs

Great Initiative—Thanks Google!

For TYPO3, the event was a great success with much valuable input and fruitful discussions. It also brought attention to several topics we will work on to improve the security of TYPO3 and its ecosystem, such as enforcing SameSite cookies, extending static code analysis coverage and refining our process documentation.

We would like to say thanks to Google for organizing the event and to all participants for being active and passionate about improving security.

Proofreading: Mathias Bolt Lesniak