Drupal security training at Drupalcon Portland
by Ben Jeavons
Did you know that there is a strong likelihood a Cross Site Scripting vulnerability exists on your site? Have you specifically tested your site for XSS or other vulnerabilities? Are you not sure what that even means?
At DrupalCon Portland learn best practices of Drupal security with a full-day course from members of Acquia’s Engineering and Professional Services teams. We’ll show you what vulnerabilities you are most at risk for and the technical specifics of attacks like XSS and SQL injection. You’ll learn how to find and fix vulnerabilities during an in-depth, hands-on study of a vulnerable site.
Participants will finish with a strong understanding of web application risks and the means to combat them. 100% of survey respondents of the Security Training at DrupalCon Munich said they would recommend this training to others. You can’t beat that!
What you will learn
- How to discover vulnerabilities and exploits
- Identifying and averting specific vulnerabilities like XSS, CSRF, SQL injection, access bypass and more from the OWASP Top 10 list
- Leverage Drupal’s API as it relates to security: menu system, permissions, safe handling of user input and the form API, database API
- How to communicate with the Drupal Security Team and responsible disclosure
- Security-related tools and processes to help maintain a secure system
The training will be held on May 20th as part of before DrupalCon Portland. Signup at http://portland2013.drupal.org/training/security-process-code-hands-trai...
About the trainers
- Ben Jeavons is a member of the Drupal Security Team, co-author of the Drupal Security Report and works at Acquia on application management tools for Drupal, including security analysis and testing tools.
- Cash Williams is a member of Acquia’s Professional Services division where he performs security audits, as well as works on security related projects. Cash has performed audits on some of Acquia’s highest profile sites, both in the commercial and government sectors. He also has a traditional education in information security (Masters of Science in Digital Forensics).
- David Stoline is a long-time Drupal contributor and recently presented on Drupal security at Captal Camp. At Acquia, David is a technical lead for several government clients and has experience operating and securing some of the world’s largest Drupal installations.