DrupalCamp Atlanta 2016: The Story of an Insecure Module (Mark Shropshire)

There once was a Drupal module who wanted so badly to have a stable release, but they were insecure. As a useful and promising module to the Drupal community, they were so afraid that poor coding standards and lack of community reviews could lead to XSS, information disclosure, sql injection, and other vulnerabilities for their users.

The Drupal community is one of sharing and support. As a result, the module in this story takes the opportunity to learn and grow from the lessons of other modules and contributors to become much more secure and confident. The module becomes capable of being promoted to a full project and having a stable release. The community rejoices!

Come take a journey through this module's security audit and how their developer resolved each and every finding, following Drupal best practices for writing secure code.

Related drupal.org Security Example sandbox
https://www.drupal.org/sandbox/shrop/2821723

Learn more: http://drupalcampatlanta.com/2016/sessions/story-insecure-module

Drupal is a registered trademark of Dries Buytaert.