This site is archived.

Drupal site security for coders and themers

4:15 PM - 5:15 PM
305 Gravitek Labs

Presented by

Greg Knaddison (greggles)
Growing Venture Solutions
Peter Wolanin (pwolanin)
Ben Jeavons (coltrane)
Growing Venture Solutions
Under the HoodUnder the Hood
Technical details: Study servers, Drupal core, module building, and more.

When you put your Drupal site online you expose it to a wide world of hackers who have the potential to attack your site. In this session you can learn about some of the most common problems with code in a
Drupal site so you'll recognize them and be able to protect against them. Join Drupal security team members Greg Knaddison and Peter Wolanin as they give you the tools to hack your site and the knowledge to protect it.

You will specifically learn how to exploit a Cross Site Scripting vulnerability and Cross Site Request Forgery vulnerabilities and then also learn how to protect your code/sites against them.

Attendees will have a chance to win copies of Cracking Drupal.

This shortened free version of the full day pre-conference security session.

About Greg Knaddison:

Greg Knaddison has presented at Drupalcons ever since they were in San Francisco the first time. More recently he has helped organize Drupalcamps in Colorado and presented at Do It With Drupal in New Orleans. As a member of the Drupal Security team for over 2 years and as the author of Cracking Drupal - the only book to really discuss security in Drupal - Greg is a well versed educator on the topic of Drupal security.

About Peter Wolanin

Peter is a dedicated member of the Drupal Security Team helping with dozens of issues each year and with general team infrastructure. As a Momentum Specialist for Acquia he works on several of their services and in support of Acquia's clients.

Experience: Intermediate, Advanced, Expert
Industry: education, entertainment, library, marketing, media, non-profit
Tags: hacking, security

One addition to the description, a new resource was launched during this presentation, the Drupal Security Report -