Security: Process, Code & Hands-on Training
Course Description
Web security vulnerabilities are a real threat to your goals and should not be taken lightly; your site is probably insecure. In this full-day session you'll learn how to evaluate your risks and secure your site and processes.
Learning Objectives
We've done a little blog post and made a (silly) video to help explain what we'll be doing during the day.
The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll then break them down and focus on the specific ways to address those problems in both site configuration and code.
In particular we will cover:
- Insecure configurations
- Cross-Site Scripting
- Cross-Site Request Forgeries
- Access bypass, the menu system, and permissions
- SQL Injection and the database API

The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.
Pre-Requisites
You should be comfortable building sites with Drupal. The class is oriented around hands-on exercises on code running on your laptop, so you should be familiar with reading Drupal's code. Experience writing code is a plus.
Audience
This class is for developers, themers, sysadmins, security experts, and people who do one or more of those things.