Secure Drupal Code: Vulnerabilities, APIs & Automated Tools

Despite a strong API and best-practices for writing secure code, developers and site-builders make mistakes and introduce vulnerabilities on the web. Your site is at risk to attack and handling an attack is costly. As a developer you should be writing secure code from the beginning and understand the types of attacks that exist.

In this technical session, Drupal Security Team member Ben Jeavons will describe popular security risks on the web and cover writing secure Drupal code.

Security risks you should be worried about
Thinking like a hacker
Vulnerabilities like XSS, CSRF and SQL injection
Automation tools: static, configuration, and reporting

Ben is very involved with Drupal security. He's been working on different tools and educational material related to Drupal for the last few years helping to produce:

The Drupal Security Report a condensed whitepaper that tries to answer the question "Is Drupal secure enough for my organization?"
The Drupal Scout Knowledge Base full of articles and tutorials about how to be more secure with Drupal
The Security Review module.
The security checks in Acquia's Insight tool

Schedule info

Status:

Proposed

Session Info

Speaker(s):

coltrane

Track:

Coding + Development

Experience level:

Intermediate

Comments

greggles replied on Tue, 02/19/2013 - 16:10 Permalink

Great topic from a great presenter. Yay.

rgristroph replied on Sun, 02/24/2013 - 17:26 Permalink

I can vouch for Ben as a presenter on this topic, I will probably attend the talk as a refresher if it is accepted.

tyler.frankenstein replied on Fri, 03/01/2013 - 21:49 Permalink

This sounds great. I want to continue to keep my secure coding practices sharp, I look forward to this one!

Diamond

Secure Drupal Code: Vulnerabilities, APIs & Automated Tools

Comments

Search form