Drupal and Security: Advice for site builders and developers
This session is intended for Drupalers who would want to avoid security loopholes while writing code or architecting solutions. We will delve into common security issues that ail custom code and will use practical examples using both vulnerable and secure code snippets. This session will mostly about my encounters and experience after doing 1000+ project application reviews and could also serve as a good guideline for new contributors.
Some of the things that we will discuss in the session with live examples of each:
Cross-Site Scripting (XSS)
Access control over your menus entries using permissions(Menu access bypass)
Node access bypass
Correct use of drupal_goto unless leads to vulnerability
Common Security Strategies
Security Improvements in Drupal 8
How to use contributed modules securely
Contributed modules to increase security.
- See more at: http://2017.drupalmumbai.org/session/drupal-and-security-definitive-guid...