DrupalCon Experiences in Szeged, Hungary
erich August 29th, 2008
I have been attending DrupalCon this week, hosted in the beautiful Hungarian town of Szeged.
I was fortunate in that my company, CommonPlaces, was generous enough to become a silver sponsor for the conference. This gave me the opportunity to present a session on Drupal security, and a BoF session on cross-site request forgeries and mitigation strategies. The session on hack-proofing Drupal applications seems to have been well received; there was a mix of people in the audience in terms of skill levels and knowledge on the topic.
While the information I presented was well documented in various parts of drupal.org and other blogs, I think the practical demonstrations of attack strategies were eye-opening for many in the audience. There is a big difference, in my opinion, between knowing how to prevent a vulnerability and knowing the mechanics and practical application of a vulnerability. The practical demonstrations were handled by Arian Evans from WhiteHat Security, as my co-presenter.
There was a wide variety of sessions offered at DrupalCon, and one of my favorites by far was on the topic of attracting and retaining Drupal talent. This was a very candid look at how some of the larger Drupal shops (RainCity, Palantir, and Development Seed) run their businesses and profit from working with Drupal.
The huge presence of Acquia here at DrupalCon is very exciting, and I’m very excited to see what they are up to.
If you haven’t gotten the chance to attend a DrupalCon before, I hope that you find a way to beg, borrow, or hitchhike your way to the next one.


Hey Erich,
Crashed your table for a coffee on Thursday, was nice to meet you.
I have to admit that your session on security was excellent. An introduction in the theory with some practical examples from Arian along the way.
I’m pretty sure that a lot of people who were present there will think twice before skipping future security tests and/or consultation. It was really helpful and as you mentioned, a big eye-opener.
Keep it up, will hopefully see you next year.
Denis,
Thanks for your comments. Security isn’t something that a lot of programmers think about, and if we do think about it, we’re not usually well versed in the common techniques of hacking sites.
I definitely hope to be at the next DrupalCon!