I have been attending DrupalCon this week, hosted in the beautiful Hungarian town of Szeged.
I was fortunate in that my company, CommonPlaces, was generous enough to become a silver sponsor for the conference. This gave me the opportunity to present a session on Drupal security, and a BoF session on cross-site request forgeries and mitigation strategies. The session on hack-proofing Drupal applications seems to have been well received; there was a mix of people in the audience in terms of skill levels and knowledge on the topic.
While the information I presented was well documented in various parts of drupal.org and other blogs, I think the practical demonstrations of attack strategies was eye-opening for many in the audience. There is a big difference, in my opinion, between knowing how to prevent a vulnerability and knowing the mechanics and practical application of a vulnerability. The practical demonstrations were handled by Arian Evans from WhiteHat Security, as my co-presenter.
There was a wide variety of sessions offered at DrupalCon, and one of my favorites by far was on the topic of attracting and retaining Drupal talent. This was a very candor look at how some of the larger Drupal shops (RainCity, Palantir, and Development Seed) run their businesses and profit from working with Drupal.
The huge presence of Acquia here at DrupalCon is very exciting, and I'm very excited to see what they are up to.
If you haven't gotten the chance to attend a DrupalCon before, I hope that you find a way to beg, borrow, or hitchhike your way to the next one.
DrupalCon, CommonPlaces, Drupal, security, sessions
Hey Erich,
crashed your table for a coffee on thursday, was nice to meet you.
I have to admit that your session on security was excellent. An introduction in the theory with some practical examples from Arian along the way.
I'm pretty sure that a lot of people who were present there will think twice before skipping future security tests and/or consultation. It was really helpful and as you mentioned, a big eye-opener.
Keep it up, will hopefully see you next year.
Erich is a web developer and a native New Englander who is passionate about life, the universe, and everything.
He is a Drupal consultant, previously employed as a senior developer at Harvard University, working on the IQSS OpenScholar project. Prior to joining the team at Harvard, he was the engineering manager at CommonPlaces e-Solutions, in Hampstead, NH, contributing as the lead engineer on the Greenopolis.com and Twolia.com.
Erich is active in the Drupal community, having contributed modules and patches to the community. He presented at DrupalCon in Szeged Hungary, and co-presented at DrupalCon 2009 in Washington, DC.
Erich lives in New Hampshire with his wife, two sons, and three weimaraners. When not writing code, Erich enjoys landscaping and woodworking.
Denis, Thanks for your
Submitted by erich (not verified) on Sun, 08/31/2008 - 22:25.Denis,
Thanks for your comments. Security isn't something that a lot of programmers think about, and if we do think about it, we're not usually well versed in the common techniques of hacking sites.
I definitely hope to be at the next DrupalCon!