This site is archived.

Drupal Security for Coders and Themers

Code & Development

Presenter:

Drupal Security for Coders and Themers

Additional Presenters: Jakub Suchy

Track

Code & Development

Experience

Focus

Developer | Themer

Drupal Security for Coders and Themers

Day: Tuesday, 24. august 2010

Time: 09:00-09:50

45 minutes (+15 minutes Q&A)

Room:

tags

Learn from members of the Drupal security team about common vulnerabilities in module and theme code, how to spot them, and how to write secure code yourself.

A conceptual framework for handling user input safely, as well as the security aspects of Drupal APIs will be covered.

We will demonstrate Cross Site Scripting vulnerability and Cross Site Request Forgery vulnerabilities that have been found in contributed modules, and show how dangerous they are to your site and how they were fixed.

Resources

The "drupal confirmation

24. August 2010 - 10:00

The "drupal confirmation form" API is actually http://api.drupal.org/api/function/confirm_form/6

Frédéric G. MARAND

a PDF of the slides are at:

24. August 2010 - 11:34

a PDF of the slides are at: http://acquia.com/blog/drupal-security-presentation-drupalcon

Peter Wolanin