Drupal and Security : Advice for Site Builders and Coders

The recent SA-CORE-2014-005 vulnerability has demonstrated that hackers have learnt how to take advantage of Drupal’s functionality to infect a site and go unnoticed. Site builders and site maintainers have a large role to play in preventing these kinds of disasters. Security doesn’t have to be a pain to implement and plan for.

The primary goal of this session is to give people a solid basis in the most common security issues so they can quickly identify those security issues. From there, we'll move into some other common pain-points of site builders like frequently made mistakes, modules to enhance security, and evaluating contributed module quality.

The session will give an idea of What are things Should Do and Things should not Do for Developers, Themers and Site Builders. 


Key points:

  • Security outside Drupal: safe computing
  • What to do about weak passwords
  • Can Drupal protect against DDoS attacks?
  • How can the Drupal community help you to achieve optimal security
  • Configuration mistakes to that make you vulnerable, and ways to avoid them
  • The single most important security element: fast updates
  • Developer cheat sheet: protect your code against XSS, SQLi and CSRF
  • Security improvements in Drupal 8

Live Demo on the Different type of Security vulnerability attacks in Drupal and methodologies to resolve them.