Security is paramount, for almost any web application. We will take a look at security best practices to keep your site safe and take the perspective of an attacker to understand how they exploit things. I will show you common mistakes that Drupal Developers make when they write code and how they can be avoided. As a member of the security team and code review administrator on drupal.org I have seen a lot of code and what can go wrong with it.
Sharing my experience about:
- XSS, CSRF, Access Bypass, SQL injection, DOS explained
- Secure configuration (web server, file permissions, etc.)
- Tools and Modules to improve security on your site