I was brought on board to help recover a website that was possibly exploited by hackers, a Drupal 7 project. What triggered the investigation? My client was informed that their customers were receiving spam emails from the website.
After a thorough review of the project's code base and database. I found multiple exploits and backdoors. All of the issues/exploits were within the Drupal core. None of the contrib. or custom modules were exploited.
Drupal 8 has a really great configuration synchronization system, and is great for syncing up different environments. When creating new modules and adding new fuctionality I really enjoy working with Drupal 8's configuration synchronization tool. Not only does this tool take the guesswork out of updates that need to be made on other environments. The configuration synchronization also allows for all changes to be documented.