Add new comment

Drupal Security: Protect Against CSRF [May 15, 2012]

Want to learn more about Acquia's products, services, and happenings in the Drupal Community? Visit our site:

In this webinar, Greg Knaddison (Drupal Security Team Lead & Acquia's Director of Security Services) will provide an introduction to Cross Site Request Forgeries (CSRF) and strategies for how to protect against it using Drupal's API. CSRF is a common developer mistake, especially when creating rich, Ajax interfaces. The webinar will start by diving deep into the technical details of how CSRF attacks work including a demonstration of recent CSRF vulnerabilities. Next we'll look at the two most common recipes for fixing CSRF in Drupal. The session will end with a Question & Answer period where you can ask your questions about how CSRF works.

• a href="/about-us/team/greg-knaddison">
• a href="/products-services/acquia-professional-services/service-offerings">

Publish on date: 
Tuesday, May 15, 2012

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Filtered HTML

  • Use [acphone_sales], [acphone_sales_text], [acphone_support], [acphone_international], [acphone_devcloud], [acphone_extra1] and [acphone_extra2] as placeholders for Acquia phone numbers. Add class "acquia-phones-link" to wrapper element to make number a link.
  • To post pieces of code, surround them with <code>...</code> tags. For PHP code, you can use <?php ... ?>, which will also colour it based on syntax.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <h4> <h5> <h2> <img>
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.