Security: Process, Code & Hands-on Training

Web security vulnerabilities are a real threat to your business goals and should not be taken lightly; your site is probably insecure. In this full-day session you'll learn how to evaluate your risks and secure your site and processes.

The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll then break them down and focus on the specific ways to address those problems in both site configuration and code.

In particular we will cover:

  • Insecure configurations
  • Recommended security-focused modules
  • Cross Site Scripting
  • Cross Site Request Forgeries
  • Access bypass, the menu system, and permissions
  • SQL Injection and the Database API

The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.

Course Prerequisites

Experience with Drupal and some experience looking at or writing code for modules or themes.
You will need a laptop with a working Drupal environment where you can install new modules and build a new site. Please check the mandatory laptop setup here: http://training.acquia.com/seeyousoon

Target Audience

This class is for developers, themers, sysadmins, security experts, and people who do one or more of those things.

Meet the Trainers

Ben Jeavons is a member of the Drupal Security Team, co-author of the Drupal Security Report and works at Acquia on application management tools for Drupal, including security analysis and testing tools.

Cash Williams is a member of Acquia’s Professional Services division, where he performs security audits and works on security-related projects. Cash has performed audits on some of Acquia’s highest-profile sites, in both the commercial and government sectors. He also has a traditional education in Information Security (Master of Science in Digital Forensics).

David Stoline is a long-time Drupal contributor and recently presented on Drupal security at Capital Camp. At Acquia, David is a technical lead for several government clients and has experience operating and securing some of the world’s largest Drupal installations.

Course Information

Experience Level: Intermediate
Drupal Version: NA
Company: Acquia
Instructor(s): Ben Jeavons (coltrane), David Stoline (dstol), Cash Williams (cashwilliams)

Schedule info

Status: Accepted
Time Slot: Monday, May 20 - 09:00am-06:00pm