This course offers a basic introduction to security when developing modules, themes and site building within Drupal. Students will learn common web application vulnerabilities and exploits, as well as the common ways to guard against them when working with Drupal. Topics will range from basic site configuration of permissions to introductions to SQL injection and other more advanced attacks. Students also will have the opportunity to understand how hackers work by participating in hands-on exercises exploiting and recovering Drupal sites. At the end of the course, students should have a good understanding of basic security risks and how to protect their sites, and be ready to dive deeper into the more complex aspects of web application security if they desire.
- Discuss common web application vulnerabilities and how they apply to Drupal
- Understand proper configuration of Drupal for security including input filters, permissions, password obfuscation and other hardening measures.
- Discuss best security practices and options when working with Acquia Cloud.
- Have a basic understanding of how to recover a Drupal site from an attack, using the Security Review module, code scans and manual vulnerability testing.
- Have an introductory-level experience of how SQL injection, XSS and other exploits are used, and how to write these exploits to know how attackers work and how to prevent it.
- Have a general understanding of SSL.
- Be prepared for further learning and deeper dives specific vulnerabilities and more advanced security topics.
The training sessions will be held between 10AM to 5PM. If possible, try and arrive between 9:30 and 9:45, so that we can get any technical issues solved and start the session promptly. If you have any questions about the course you may contact the trainer, firstname.lastname@example.org.