Securing your Drupal site

Presenter:  Ivica Puljic
Track:  Development & Science
Experience Level:  Intermediate, Advanced
Room:  Hörsaal 6
Start:  28.11.2009 - 10:00
Type:  Session
Language:  English

Due to the nature of web site development, most new web programmers don't have a good knowledge of web application security. Most new sites are built with web frameworks and CMSs, and even a beginner programmer or user can create a relatively complex web site without too much effort. In this situation, a lot of programmers and site admins don't care too much about security. But even if you are building just a small blog site, there are many reasons why crackers can target your site: if your site is insecure, it can easily become a spam relay or a source of malware.

This session will cover the following topics:

  • Types of attacks. Before knowing how to protect yourself, you need to know where the danger is and how it can get you.
  • Administering Drupal in a secure way - it is very easy to open a security hole in your Drupal site with just a couple of clicks.
  • Drupal security API.
    • User permissions and menu system.
    • Never trust user input - database sanitization, filtering content, Form API.
    • Be safe in your Drupal Theme.
  • Drupal security modules.
  • Automated Security Testing - Drupal modules and Penetration testing tools.
  • Practical examples - a couple of real examples of how to configure/code Drupal and open security holes in your site.