Talking about security in Drupal

Planet Drupal

This coming fall we'll be talking about security in Drupal so much I can barely believe it.

Acquia Webinar - October 8th online

First up is an Acquia Webinar, which will be a review of security in general and then we'll show two common mistakes that cause the majority of the problems in Drupal sites and modules. The talk will discuss the topic area broadly covering the perspectives of business users, technical users, and developers.

Note, you must register for the webinar before it happens.

BADCamp - October 17th and 18th near San Francisco

Ben Jeavons, a recent addition to the Growing Venture Solutions team, will be speaking on our behalf at the Bay Area Drupal Camp out in California. He will be giving a talk aimed at beginners and site admins called Drupal Security for site administrators and beginners

AppSec - November 12th and 13th in Washington DC

Ben and I will both be headed out to AppSec - the Application Security conference hosted by OWASP - the Open Web Application Security Project. We'll be there mostly to learn and share ideas, not give any presentations per se. But I do think that Drupal's security tools and philosophies could one day form the basis of a presentation at OWASP conferences. We particularly look forward to learning from other folks about security team process - the Drupal security team is always looking to follow best practices and improve upon them.

Do it with Drupal - December 9th, 10th, 11th in New Orleans

I'll be headed down to New Orleans for this year's Do It With Drupal conference. The feedback from last year's event was quite positive and I'm sure that it will be a great event again this year. My talk at DIWD will probably be a mix of sysadmin and developer and general security education - I've got over an hour to play with, so I'm looking forward to it.

Free copies of Cracking Drupal ;)

Yes, that's right, at all of these events we will be giving out free copies of Cracking Drupal to a few lucky audience members. So please come on by and say hello, ask great questions and you may be a lucky winner as well.

Security Review for your Drupal Site

These presentations are nothing new for Ben and I. I've been giving them since Drupalcon DC and Ben since Drupalcamp Colorado. Historically we've given them with the goal of educating the public and hoping to reduce the work the Drupal security team has to do. Educated developers make for secure developers.

What is new is our security review service. More details about that after the Acquia webinar, but if you're interested in having a site or module reviewed for its security please contact us.

The Book, The Report

Cracking Drupal: A Drop in the Bucket

Written by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing.

Drupal Security White Paper

Curious about Drupal's security? Consider Drupal but want to make sure it's good enough? Read the Drupal Security Report

Security Review Service

If you are concerned about whether your site is secure, consider using the Security Review Module to get an initial sense. If you're looking for something much more in depth than a module or a book, Drupal Scout offers a Security Review Service for Drupal Sites.

Recent Blog Posts

Cracking Drupal Kindle Edition now available for $14.84 (Still relevant for Drupal 7)

Posted by greggles

0 comments
Using XSS to steal access

Posted by Ben Jeavons

4 comments
Drupalcon Training: Securing your Drupal site with code and configuration

Posted by greggles

0 comments