Think like a hacker: Secure Drupal Code
Drupal is a powerful tool, but for many reasons sites are released with security vulnerabilties. In this technical session Drupal Security Team members Greg Knaddison and Ben Jeavons will break down popular security risks on the web and cover writing secure Drupal code.
- Security risks you should be worried about
- Thinking like a hacker
- XSS, CSRF and access bypass
- Automation tools: static code, pen-testing, reporting
Ben and Greg are very involved with Drupal Security. They've been working on different tools and educational material related to Drupal for the last few years producing:
- Cracking Drupal - the most complete book to talk about security in Drupal
- The Drupal Security Report a condensed whitepaper that tries to answer the question "Is Drupal secure enough for my organization?"
- The Drupal Scout Knowledge Base full of articles and tutorials about how to be more secure with Drupal
- The Security Review module.
- The Security Checks in Acquia's Insight tool