Once again we will be delivering security training at the upcoming Drupalcon. Along with dozens of other training offerings there will be Security: Process, Code & Hands-on Training.
This course will be co-taught by Erik Webb and Greg Knaddison.
An excerpt of the description:
Who will gain the most from this course?
Anyone responsible for the security of a Drupal site(s).What will you learn?
Web security vulnerabilities are a real threat to your goals and should not be taken lightly, your site is probably insecure. In this full-day session you'll learn how to evaluate your risks and secure your site and processes. We've done a little blog post and made a (silly) video to help explain what we'll be doing during the day.
The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll then break them down and focus on the specific ways to address those problems in both site configuration and code.
In particular we will cover:
- Insecure configurations
- Cross Site Scripting
- Cross Site Request Forgeries
- Access bypass, the menu system, and permissions
- SQL Injection and the database api
The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.
Pre-requisites for the course
Experience with Drupal and some experience looking at or writing code for modules or themes.
You will need a laptop with a working Drupal environment where you can install new modules and build a new site. If you haven't got this already, download Dev Desktop from Acquia.
