Drupal Security Best Practices

allisoncollins's picture
Start: 
2016-03-17 10:00 - 17:00 America/New_York
Organizers: 
Event type: 
Training (free or commercial)

Hi Everyone,

Isovera will be holding a Drupal Security Best Practices training on Thursday March 17, 2016 in Waltham, MA. This course offers a basic introduction to security when developing modules, themes and site building within Drupal. Students will learn common web application vulnerabilities and exploits, as well as the common ways to guard against them when working with Drupal. Topics will range from basic site configuration of permissions to introductions to SQL injection and other more advanced attacks.

Students also will have the opportunity to understand how hackers work by participating in hands-on exercises exploiting and recovering Drupal sites. At the end of the course, students should have a good understanding of basic security risks and how to protect their sites, and be ready to dive deeper into the more complex aspects of web application security if they desire.

Prerequisites:
This course is written for intermediate to advanced Drupal developers with little to no security experience. Students should be proficient with PHP, JavaScript, MySQL and developing using all of these languages within the Drupal CMS. Students should be comfortable setting up a local Apache environment for Drupal development as well as working with Drush. It is expected to have a working Apache, PHP and MySQL install on the student’s machine when they arrive for the class.

By the end of the training you will be able to:
-Discuss common web application vulnerabilities and how they apply to Drupal
-Demonstrate proper Drupal coding practices for security including writing secure queries, preventing any user injection of JavaScript and understanding proper usage of access control within code.
-Understand proper configuration of Drupal for security including input filters, permissions, password obfuscation and other hardening measures.
-Discuss best security practices and options when working with Acquia Cloud.
-Have a basic understanding of how to recover a Drupal site from an attack, using the Security Review module, code scans and manual vulnerability testing.
-Have an introductory-level experience of how SQL injection, XSS and other exploits are used, and how to write these exploits to know how attackers work and how to prevent it.
-Have a general understanding of SSL.
-Be prepared for further learning and deeper dives specific vulnerabilities and more advanced security topics.

Boston

Group categories

More Specifically

Group events

Add to calendar

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: