Insecure Drupal code: Mistakes not to make — Video Available

Drupal provides a good API for developing secure modules and sites, but mistakes happen and best practices are missed in the process of making deadlines. This session will cover popular and prevalent Drupal security risks on the web and how to write secure Drupal code.


  • Security risks on the web
  • Common vulnerabilities found in Drupal code
  • XSS, CSRF, Access Bypass
  • Automated tools to make your life easier


Ben Jeavons (user coltrane) has been a contributor to the Drupal project since 2007, has written many modules including the security configuration audit tool, Security Review, and is a member of the Drupal Security Team.


badcamp-insecure-code.pdf (3.89 MB)
The video for this session is available on There may be sound dropouts in the video — it's not your computer.
Sunday, Oct, 27th
10:00am - 10:45am

