Introduction to Drupal Security for Coders

Saturday, November 19
Half-day, morning (8:30am–12:00pm)
Greg Knaddison

Greg is a member of Drupal’s Security Team and the Director of Security Services at Acquia. Greg is the author of the book Cracking Drupal, blogs about security on and co-author the Drupal Security Report available at

The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We’ll then break them down and focus on the specific ways to address those problems in both site
configuration and code.

In particular we will cover:

  • Insecure configurations
  • Cross Site Scripting
  • Cross Site Request Forgeries
  • Access bypass, the menu system, and permissions
  • The format is a mix of lecture and hands-on exercises looking at vulnerabilities and how to fix them.

The first version of this class was given at Drupalcon San Francisco. 88% of survey respondents said they would take the course again.

Students will need to bring:

  • A text editor or IDE for reviewing Drupal code
  • Knowledge of how to write at least some code in Drupal

Intended audience and skill level

People familiar with Drupal configuration and writing PHP - developers and themers.

Price: $75.00

Lone Star Sponsor

Longhorn Sponsors

Armadillo Sponsors

Bat Sponsors