DrupalCon Amsterdam 2019: OWASP Top 10: What are them and how to prevent them

Oct 30, 2019

Ayesh Karunaratne
AKCS, Maradankadawala, Sri Lanka

OWASP is an online community of people who care about web application security (like you and me), and it publishes recommendations for preventing many kinds of attacks on web applications.

This is a 40 minute session in which we go through the most common vulnerability types (backed by OWASP statistics) and how we can prevent them. The focus is on the PHP language, but the concepts apply everywhere. PHP 7, 7.1 and 7.2 were released with several features that help with security hardening, and PHP 7.4, just around the corner, will have a few more tricks up its sleeve too!

We will also talk about which types of attacks are most common, using historical CVE data: https://st.ayesh.me/files/static/node/185/vulnerability-distrubution.png

CMSs such as Drupal and WordPress provide built-in features that help us prevent some of these attacks, such as XSS and CSRF protection (don't worry if these abbreviations don't make sense yet, because we will explain them in the talk too!), using various approaches.

For each vulnerability type we talk about, we will take a look at these built-in protection mechanisms as well as how to implement them in PHP and in a Drupal context.

Lastly, we will take a look at some of the recent vulnerabilities, what went wrong, and the rationale behind each of these fixes.

The OWASP Top 10 is far too broad a topic to cover fully in a 45 minute session, so this talk will only go through the general ideas and the prevention approaches. It will not make you a security expert by the end of the session, but it will definitely make you aware of these possible vulnerabilities, and how to approach each of them no matter what framework or programming language you use.


This talk was presented at SecOSDay in Essen, Germany, and will be updated to cover recent statistics, threats, and trends.
