Drupal Security Training

Our training is based on presentations we've delivered successfully at Drupalcamps and Drupalcons over the last 4 years. In a full-day format it has been delivered twice now: at Drupalcon San Francisco and Drupalcon Chicago. We have provided customized versions of this training to smaller groups and USA government organizations.

Training Schedule

Our full day training follows roughly this schedule:

• Class introductions, learning about the group, setting expectations for the day
• A review of web application security in general
• Discussion of vulnerabilities in Drupal (each section includes overview, demo of vulnerability, review of fixes and demo of some fixes)
  • Access Bypass
  • SQL Injection
  • Cross Site Request Forgeries
  • Cross Site Scripting
• Individual hands-on review of a vulnerable website
• Summary of the day

Prerequisites

• Students must have their own computer available that is capable of running a Drupal 6 or Drupal 7 site.
• Students must be familiar with site building in Drupal (installing modules, changing configurations)
• Students should be comfortable opening Drupal modules and themes in a text editor of some sort
• Students will get more out of the course if they are familiar with programming for Drupal

Interested? Get in touch

We give this training at public Drupal Events on a regular basis such as before Drupalcons and Drupalcamps. We also provide this training in private corporate environments. If you'd like to hire us to train your staff please contact us.