Security: Process, Code & Hands-on Training

Time: Monday, March 7 from 9:00am - 5:00pm
Coffee and registration starts at 8:30am.

Location: Gleacher Center, Room 604
(Gleacher is cross the street from the Sheraton Chicago at 450 North Cityfront Plaza Drive)

Course Description:
Web security vulnerabilities are a real threat to your goals and should not be taken lightly, your site is probably insecure. In this full-day session you'll learn how to evaluate your risks and secure your site and processes.

The training begins with a review of the most common kinds of vulnerabilities found in Drupal sites. We'll then break them down and focus on the specific ways to address those problems in both site configuration and code.

In particular we will cover:

  1. Insecure configurations
  2. Cross Site Scripting
  3. Cross Site Request Forgeries
  4. Access bypass, the menu system, and permissions
  5. SQL Injection and the database api

The day will end with a practical, hands-on site review where attendees will have time to review a Drupal site to identify and fix individual vulnerabilities.

The first version of this class was given at Drupalcon San Francisco. 88% of survey respondents said they would take the course again.

About your trainers
Ben and Greg are both members of Drupal's Security Team. Ben is the author of the Drupal Security Report and blogs on Cracking Drupal including this demonstration of XSS in Drupal. Greg is the author of the Cracking Drupal book.

Students will need to bring:

  • A text editor or IDE for reviewing Drupal code
  • Knowledge of how to write code in Drupal, or the desire to learn
Maximum attendees: 
Growing Venture Solutions

Diamond Sponsors


Platinum sponsors


Gold Sponsors

Chapter Three
Drupal Connect
Treehouse Agency