The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We’ll then break them down and focus on the specific ways to address those problems in both site
configuration and code.

In particular we will cover:

• Insecure configurations
• Cross Site Scripting
• Cross Site Request Forgeries
• Access bypass, the menu system, and permissions
• The format is a mix of lecture and hands-on exercises looking at vulnerabilities and how to fix them.

The first version of this class was given at Drupalcon San Francisco. 88% of survey respondents said they would take the course again.

Students will need to bring:

• A text editor or IDE for reviewing Drupal code
• Knowledge of how to write at least some code in Drupal

Intended audience and skill level

People familiar with Drupal configuration and writing PHP - developers and themers.