
Drupal Security Learning Opportunities: fall 2011

This is partially a continuation of yesterday's post on Growing Drupal contributors and the project application process.

Over the next 2 months there are at least five great ways you can learn about security in Drupal.

Mentoring for project application reviewers

If you do a project application review (learn what/why) I will gladly mentor you in how to do the security review portion of that review. There are a few things I tend to look for, and I'm not perfect in what I do, but the more people who learn how to do it the better. I think one-on-one mentoring would be really helpful in this regard to give people the confidence to look for security issues themselves. It would be helpful if you have already read writing secure code in the Drupal handbook and/or my book on security. So, this counts as two ways: free mentoring and links to free documentation and a paid book ;)

In my role as Director of Security Services at Acquia I've had some time in the last weeks to do a lot of reviews on new modules (focused on security). However, in the next weeks I have a pretty busy schedule, so I'm looking to expand the pool of folks who are knowledgeable enough and willing to do these security reviews.

Obviously I have to balance this program with normal work, but I am dedicated to up to one person per day. So, if you are interested in this let's follow the process I laid out on groups.drupal.org.

BADcamp Sessions

This past weekend there was a review of how Drupal Security compares, and fellow Drupal Security Team member Matt Chapman delivered "keeping your site secure". The BADCamp folks recorded all the sessions and will be posting videos in the coming weeks.

Webinar on security: Tuesday the 25th

On October 25th at 1 PM New York time I will be giving a webinar about security. It will be a quick review of some important topics:

  • General security theory
  • Comparison of Drupal to other CMS options
  • How to identify common mistakes with the Security Review Module
  • Benefits of a security audit

I'll be sharing best practices for protecting your Drupal site against common security attacks. This session will include a discussion of some of the most common vulnerabilities I've discovered when auditing sites and the best tools to overcome them.

Drupal Training at Drupalcamp Austin

The amazing folks in Austin are putting on Drupalcamp Austin again this year and they've decided to add a training component integrated into the camp days. So, on Saturday November 19th from 8:45 to 12:15 I will be delivering an in-depth "let's look at code" Security Training.

And no doubt there will also be some security sessions at Drupalcamp Austin.
