Security in Drupal: what can go wrong?

Let's "get off the island" and look at Drupal security from the point of view of an outsider.

The OWASP Top Ten is an industry-standard list of the most common vulnerabilities that can affect websites. This session will start with an overview of the Top Ten, and then take a more detailed look at a few of these vulnerabilities. We will review some actual Drupal security advisories:

  • What the vulnerability looks like
  • How the Drupal security team communicates the problem
  • The code that was updated to fix the problem

Only a few of the slides fall under the last bullet point. You do not need to be a developer to appreciate the rest.

Audience Level
10:00 - 10:45 AM
Conf Day
Rhode Island (Gaige 201)
Profile picture for user benjifisher
Senior Developer

I am one of the maintainers of the migration subsystem (Migrate API) in Drupal core.

I moderate the weekly Drupal Usability meeting.

I am a member of the Drupal security team.

I choose to work with Drupal, and other open-source software, because I hate the idea of duplicated effort. When I solve a problem, I want to share my solution so that no one else has to struggle with it.