Security: Process, Code & Hands-on Training
Date: Monday, March 19, 2012
Session Time: 9:00am-4:30pm
Breakfast and Lunch will be provided.
Need more info? Check out the Training 101 page for more!
This course runs separately from Drupal.gov Information Assurance which follows immediately after.
Web security vulnerabilities are a real threat to your goals and should not be taken lightly, your site is probably insecure. In this full-day session you'll learn how to evaluate your risks and secure your site and processes.
Who will gain the most from this course?
Anyone responsible for the security of a Drupal site(s).
What will you learn?
Web security vulnerabilities are a real threat to your goals and should not be taken lightly, your site is probably insecure. In this full-day session you'll learn how to evaluate your risks and secure your site and processes. We've done a little blog post and made a (silly) video to help explain what we'll be doing during the day.
The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll then break them down and focus on the specific ways to address those problems in both site configuration and code.
In particular we will cover:
- Insecure configurations
- Cross Site Scripting
- Cross Site Request Forgeries
- Access bypass, the menu system, and permissions
- SQL Injection and the database api
The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.
What will you receive during the course?
Printed list of references, code samples. Also a coupon for 1 month of free access to Drupalize.me, the video learning resource created by Lullabot, an Acquia partner, and Platinum sponsor of DrupalCon.
Pre-requisites for the course
Experience with Drupal and some experience looking at or writing code for modules or themes.
You will need a laptop with a working Drupal environment where you can install new modules and build a new site. If you haven't got this already, download Dev Desktop from Acquia.