Cracking Drupal

As a member of the Drupal Security Team I have seen a lot of code and what can go wrong with it. This talk aims to educate you about the OWASP Top 10 and share some experience with web application security, including:

XSS, CSRF, access bypass, SQL injection and DoS explained
Secure configuration (web server, file permissions, etc.)
Tools and modules to improve security on your site
A few common mistakes that Drupal developers make when they write code, and how they can be avoided

This session is relevant to all PHP web applications, but code examples are mostly from Drupal core 7.x and 8.x. The session will also touch on some security improvements in Drupal 8 such as using auto-escaping in the Twig template engine (XSS prevention) and built-in CSRF token support in the routing system.

Speaker(s):
pwolanin
About the Speaker(s):

Top 10 core contributor for Drupal 6 and 7. Top 25 Drupal 8 contributor.
Member of the Drupal Security Team since 2008
Speaker at multiple DrupalCons and other conferences and camps
Organizer of the monthly central NJ Drupal meetup
Organizer of DrupalCamp NJ 2012 through 2019
https://www.drupal.org/user/49851

https://drupaldelphia.org/session/cracking-drupal

Drupal is a registered trademark of Dries Buytaert.