Cracking Drupal

May 10, 2019

As a member of the security team I have seen a lot of code and what can go wrong with it. This talk aims to educate you about the OWASP Top 10 and share some experience with web application security, including:

XSS, CSRF, access bypass, SQL injection and DoS explained
Secure configuration (web server, file permissions, etc.)
Tools and modules to improve security on your site
I will show you a few common mistakes that Drupal developers make when they write code and how they can be avoided.

This session is relevant to all PHP web applications, but code examples are mostly from Drupal core 7.x and 8.x. The session will also touch on some security improvements in Drupal 8 such as using auto-escaping in the Twig template engine (XSS prevention) and built-in CSRF token support in the routing system.
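The three coding mistakes the abstract lists (SQL injection, XSS, CSRF), each shown next to its fix, as an added example that is not code from the session or from Drupal core. It is plain PHP with PDO and an in-memory SQLite table so it runs without a Drupal install; the Drupal 7 and 8 equivalents are named in the comments. The sample `users` table, the `findUser*`/`renderName*`/`csrf*` helper names and the HMAC-based token scheme are this example's own constructions, not Drupal's.

```php
<?php
// Added example: vulnerable and hardened versions of the three common
// Drupal developer mistakes, in plain PHP. Drupal equivalents in comments.
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, mail TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'admin', 'admin@example.com'), (2, 'bob', 'bob@example.com')");

// 1. SQL injection: string concatenation vs. placeholders.
//    Drupal 7: db_query("... WHERE name = :name", array(':name' => $name));
//    Drupal 8: $connection->query(...) with the same :placeholder syntax.
function findUserVulnerable(PDO $db, string $name): array {
    // VULNERABLE: user input is pasted straight into the SQL text.
    $rows = $db->query("SELECT uid, name FROM users WHERE name = '$name'");
    return $rows->fetchAll(PDO::FETCH_ASSOC);
}

function findUserSafe(PDO $db, string $name): array {
    // SAFE: the value is sent as a bound parameter, never as SQL.
    $stmt = $db->prepare('SELECT uid, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "x' OR '1'='1";
printf("concatenated query matched %d rows, placeholder query matched %d rows\n",
    count(findUserVulnerable($db, $payload)), count(findUserSafe($db, $payload)));

// 2. XSS: unescaped output vs. escaped output.
//    Drupal 7: check_plain($name). Drupal 8: Html::escape($name), or simply
//    {{ name }} in a Twig template, which auto-escapes; {{ name|raw }} does not.
function renderNameVulnerable(string $name): string {
    // VULNERABLE: markup supplied by the user is emitted as-is.
    return "<p>Hello, $name</p>";
}

function renderNameSafe(string $name): string {
    // SAFE: every HTML-significant character is encoded before output.
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

$xss = '<script>alert(1)</script>';
echo renderNameVulnerable($xss), "\n";
echo renderNameSafe($xss), "\n";

// 3. CSRF: a state-changing request with no token vs. a token bound to the
//    session and to the specific action.
//    Drupal 7: drupal_get_token($value) / drupal_valid_token($token, $value).
//    Drupal 8: \Drupal::csrfToken()->get($value) / ->validate($token, $value),
//    or the route requirement `_csrf_token: 'TRUE'`, which makes links built
//    with Url::fromRoute() carry the token automatically.
function csrfToken(string $sessionSecret, string $action): string {
    // Hypothetical scheme: HMAC of the action under a per-session secret.
    return hash_hmac('sha256', $action, $sessionSecret);
}

function csrfValid(string $sessionSecret, string $action, string $token): bool {
    // Constant-time comparison so the check does not leak a prefix match.
    return hash_equals(csrfToken($sessionSecret, $action), $token);
}

$secret = bin2hex(random_bytes(32));          // per-session secret, kept server-side
$token  = csrfToken($secret, 'user/2/delete'); // embedded in the legitimate link/form

var_dump(csrfValid($secret, 'user/2/delete', $token)); // legitimate request
var_dump(csrfValid($secret, 'user/1/delete', $token)); // token replayed against another action
var_dump(csrfValid($secret, 'user/2/delete', ''));     // forged cross-site request with no token
```

Run it with `php example.php`. The injection payload makes the concatenated query match every user while the placeholder query matches none; the script tag comes back intact from the vulnerable renderer and encoded from the safe one; and only the token generated for the matching session and action validates.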

About the Speaker(s):

Top 10 core contributor for Drupal 6 and 7. Top 25 Drupal 8 contributor.
Member of the Drupal Security Team since 2008
Speaker at multiple DrupalCons and other conferences and camps
Organizer of the monthly central NJ Drupal meetup
Organizer of DrupalCamp NJ 2012 through 2019
