Security: Process, Code & Hands-on Training
In this full-day session you'll learn how to evaluate your risks and secure your site and processes. Web security vulnerabilities are a real threat to your goals and should not be taken lightly, your site is probably insecure. This course was developed for those with experience building and maintaining Drupal sites.
The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll then break them down and focus on the specific ways to address those problems in both site configuration and code.
In particular we will cover:
- Insecure configurations
- Cross Site Scripting
- Cross Site Request Forgeries
- Access bypass, the menu system, and permissions
- SQL Injection and the database API
The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.