The Story of an Insecure Module

66915a7bf21d69f3ec3207fd9c493504?s=47 shrop
October 22, 2016

The Story of an Insecure Module

There once was a Drupal module who wanted so badly to have a stable release, but they were insecure. As a useful and promising module to the Drupal community, they were so afraid that poor coding standards and lack of community reviews could lead to XSS, information disclosure, sql injection, and other vulnerabilities for their users.

The Drupal community is one of sharing and support. As a result, the module in this story takes the opportunity to learn and grow from the lessons of other modules and contributors to become much more secure and confident. The module becomes capable of being promoted to a full project and having a stable release. The community rejoices!

Come take a journey through this module's security audit and how their developer resolved each and every finding, following Drupal best practices for writing secure code.

Related drupal.org Security Examples sandbox
https://www.drupal.org/sandbox/shrop/2821723

Presented at Drupalcamp Atlanta 2016
http://drupalcampatlanta.com/2016/sessions/story-insecure-module

66915a7bf21d69f3ec3207fd9c493504?s=128

shrop

October 22, 2016
Tweet