Security in Drupal: what can go wrong?

Drupal Camp Asheville 2024 - July 12th-14th

Room: ClipStock (225)

Presenter(s): Benji Fisher of Fruition

 Benji is an active member of the Drupal community:

  • member of the usability team
  • co-maintainer of the Migrate API
  • provisional member of the security team

He often helps out on the #ux and #migration channels in Drupal Slack.

Outside of Drupal, Benji enjoys bicycling, square dancing, bridge, yoga, and puzzles (mathematical and mechanical).

Let's "get off the island" and look at Drupal security from the point of view of an outsider.

The OWASP Top Ten is an industry-standard list of the most common vulnerabilities that can affect web sites. This session will start with an overview of the Top Ten and then take a more detailed look at a few of these vulnerabilities. We will review some actual Drupal security advisories:

  • What the vulnerability looks like
  • How the Drupal security team communicates the problem
  • The code that was updated to fix the problem

The presenter is a provisional member of the Drupal security team.