Let's break in to Drupal – Because breaking is more fun than building





drupal-security-attacks

Drupal security from the perspective of running attacks

On Github cardcorp / drupal-security-attacks

Let's break in to Drupal

Because breaking is more fun than building

Presented by

These slides: http://cardcorp.github.io/drupal-security-attacks/

@greggles Knaddison

Testing for XSS

  • <script>alert('title');</script>
  • <img src="a" onerror="alert('title');">
  • Catches 90%
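
A repeatable version of the manual test above, as an added example that is not part of the slides: submit each probe, fetch the rendered page, and classify whether the probe came back raw (vulnerable) or entity-encoded (safe). The function names and the two render functions are hypothetical stand-ins for a real page template, and the rendered HTML is constructed sample data.

```javascript
// Added example (not from the slides). All names here are hypothetical.
// The two probe strings are the ones listed on the slide.
const PROBES = [
  "<script>alert('title');</script>",
  "<img src=\"a\" onerror=\"alert('title');\">",
];

// Escape for an HTML text context: the hardened output path.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#039;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Decode one level of the basic entities so that any common encoding of the
// probe (&#039;, &#39;, &apos; ...) is recognised as "escaped".
function decodeBasicEntities(html) {
  return html
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&quot;/g, '"')
    .replace(/&#0?39;|&apos;/g, "'").replace(/&amp;/g, "&");
}

// "raw"     -> probe reflected unescaped: the field is an XSS sink
// "escaped" -> probe present only in entity-encoded form
// "absent"  -> probe not found (stripped by a filter, or never rendered)
function classifyProbe(html, probe) {
  if (html.includes(probe)) return "raw";
  if (decodeBasicEntities(html).includes(probe)) return "escaped";
  return "absent";
}

// Constructed stand-ins for a template that prints a node title.
function renderUnsafe(title) { return "<h1>" + title + "</h1>"; }
function renderSafe(title) { return "<h1>" + escapeHtml(title) + "</h1>"; }

// Run every probe through a render function and classify the output.
function audit(render) {
  return PROBES.map((probe) => classifyProbe(render(probe), probe));
}

console.log("unsafe template:", audit(renderUnsafe));
console.log("safe template:  ", audit(renderSafe));
```

A result of "absent" still needs a manual look: a tag-stripping filter can remove the probe's markup while leaving other contexts, such as attributes, unprotected.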

XSS Demo

  • Drupal 7 Password Changer.js
  • Video of Password Changer

Precautions against XSS

Book on Security in Drupal

References