Hack Proof Your Drupal App BoF?
From Szeged to DC - we'd be willing to reprise this lively session that was offering at Drupalcon in Szeged, Hungary for DC attendees - interested? Just let us know...
Hack Proof Your Drupal App
What you don’t know can hurt you. Analysts estimate that 75% of attacks against web servers enter at the application, not the network level. As many as 15% of these attacks are due to poor coding practices. With the help of well known security firms, we'll discuss ways to secure your Drupal application.
Agenda
• See For Yourself - demonstrations of application attacks
• Case Study: Secrets to Securing a Social Network
• Key Habits of Secure Drupal Coding
• Vulnerability Detection to Remediation
• Security Resources for Drupal Applications
• Discussions
Goals
You will learn best practices you can employ right now to build secure Drupal application code that meets security compliance standards and maintain customer confidence.
Resources
Drupal.org
• http://drupal.org/writing-secure-code
• http://drupal.org/node/28984
Drupal Security Team
• http://drupal.org/node/32750
Pro Drupal Development book
• http://drupalbook.com
Drupal Tools
• Update module (http://drupal.org/project/update_status)
• Coder module (http://drupal.org/project/coder)
• Interactive debuggers (Zend, XDebug)
Speakers
Erich Beyrent
Erich has 11 years experience in web technologies, specializing in open-source solutions and application integration. He has worked in both the private and higher education sectors, and led the team that built Greenopolis.com, an environmentally-themed social networking and education site. Erich is the author of the Permissions API module.
Chris Pliakas
Chris is an engineer and systems administrator at CommonPlaces eSolutions,
LLC in Hampstead, New Hampshire, and is the author of the Lucene API module. He is an open source enthusiast who has been building Internet applications with Drupal for a little over a year. Chris is a Zend certified PHP 5 Engineer, a certified MySQL 5 developer and administrator, and holds a Linux Professional Institute Level 1 certification. In future projects, Chris hopes to integrate the Zend Framework into Drupal and move bring the more advanced language constructs PHP 5 has to offer into the Drupal community.
Mike Machnik
Prior to joining CommonPlaces, Mike worked as a Software Engineer at Cabletron/Aprisma for 9 years where he combined his "traditional" software engineering background with his knowledge of web applications development while working on a client-server enterprise network management system written in C and C++. As a member of our Engineering department, Mike is responsible for developing the functionality of website and application projects including CMS (Drupal) and e-Commerce systems. He holds an MS, Computer Science, from Boston University, Boston, MA and a BS, Computer Science, Merrimack College, Andover, MA. Mike has over 13 years extensive experience developing, testing, and maintaining large-scale distributed Client-server applications. He has developed applications for Clients in the creative industry using PHP, MySQL, CSS, HTML and Javascript at InTouch by Design, including electronic routing & approval and project management systems. As a consultant, Mike created content administration systems for several clients including local arts group and an NCAA Division I college hockey conference, the latter entailing a PHP/MySQL scoreboard management system and the ability to make information available to wireless devices using WML.
2 Comments
Please revise this session for DrupalconDC
I will be at DrupalconDC through Saturday for the Code Sprints. Any time slot you are available to hold this session I would really appreciate hearing others thoughts and methodologies on this subject. Thanks
If you look at the schedule,
If you look at the schedule, there are two presentations back-to-back regarding Drupal security on Friday in the Trellon room. Neil Drumm, Greg Knaddison, and Matt Cheney are presenting, and they will be covering most of the same concepts that I covered in the Szeged presentation.