Well well well. Let's look at Drupal Security for developers and themers.
First, we'll look at the most common security vulnerabilities that are found in Drupal. Then we'll look at actual ways to exploit those vulnerabilities (with sample exploits you can try out yourself!). Then we'll talke about the ways to fix vulnerabilities. Finally, we'll wrap up the session with some quick tips of management practices and modules to install to make your site more secure.
Specifically this will cover:
- Cross Site Scripting - the attacker's version of Ajax
- Cross Site Request Forgeries - what was your intent?
- SQL Injection - Drupalgeddon, right?
- Access Bypass - do what you like, when you like
- My favorite security modules
- Some ideas on how to avoid getting exploited