As a member of the security team I have seen a lot of code and what can go wrong with it. This talk aims to educate you about the OWASP Top 10 and share some experience about web application security, including:
- XSS, CSRF, Access Bypass, SQL injection, DoS explained
- Secure configuration (web server, file permissions, etc.)
- Tools and Modules to improve security on your site
I will show you a few common mistakes that Drupal developers make when they write code and how they can be avoided.
Drupal’s extensibility allows us to create the perfect CMS for our organizations. But too often the same level of design is not considered when building out the editorial interfaces. The default tools are often scary for first-time Drupalers and include confusing words like ‘nodes’, ‘taxonomy’, and ‘blocks’. Making Drupal friendly for clients means checking internal jargon at the door and building interfaces that are intuitive and distraction free. Topics include:
SimplyTest.me is a long-standing, free service that has served the Drupal community with an easy-to-use tool for creating Drupal sandboxes.
Drupal includes a powerful toolset for building and extending out-of-the-box content types. Content architectures are typically designed around the features of nodes, taxonomy, media, and other core entities. But how do we know when our business needs have grown beyond the common entity types? When are nodes too lightweight or too heavy-handed to meet our site goals? And what are the trade-offs and support issues when creating a new entity type?
How does a global institution make it easier for students to discover and take advantage of extracurricular, travel, and research opportunities it offers? The first project under the umbrella of the Cornell Student Experience Initiative, Cornell University's Opportunities Marketplace is Cornell's student-facing solution to a decentralized legacy process of paperwork, phone communication, and manual data entry. Our session jumps into the implementation process to explore how we balanced constraints of accessibility requirements, legacy data platforms, distributed systems of record and data silos, and high profile stakeholders.