Website and web applications security attacks are regular news headlines. From stolen account information to site defacement and corporate espionage, there are many risks online. While Drupal is a secure and mature web application it can be built and configured insecurely or even deployed in an unsafe environment. In this full-day session you'll learn how to evaluate your risks and secure your site and processes.
The day begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll break them down and focus on the specific ways to address them in both site configuration and code. The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.
- Risks on the web and the OWASP Top 10
- Technical specifics of vulnerabilities like Cross Site Scripting (XSS), Cross Site Request Forgeries (CSRF), access bypass, and SQL Injection
- Secure site configuration and writing secure code using Drupal’s APIs
- Security focused modules, automated tools, and maintaining a secure site
- What is the role of the Drupal Security Team
Who will gain the most from this course?
This class is for developers, themers, sysadmins, security enthusiasts, and people who do one or more of those things.
Prerequisites for this course
Experience with Drupal and some experience looking at or writing code for modules or themes.
You will need a laptop with a working Drupal environment where you can install new modules and build a new site.
Date: Monday, June 2
Cost: $475.00 - included breakfast, lunch, and coffee breaks