Reverse Engineering Drupal Vulnerabilities
mcdruid
In this session, we'll analyse a handful of real Security Advisories issued by the Drupal Security Team. These cover the main categories of security vulnerability: Access Bypass, Cross-Site Scripting (XSS), SQL Injection (SQLi), and Remote Code Execution (RCE).
In each case, we'll examine the advisory, looking at what was fixed and working backwards to understand what the vulnerability was. We'll consider how an attacker might exploit the vulnerability.
This session aims to be a fun learning exercise, and should familiarise the audience with how the Drupal Security Team works and how best to utilise the information they publish to keep Drupal sites secure.
*Session Materials*
When & Where
Time: Wednesday, 9 December, 2020 - 10:30 to 11:10
Room: Vienna room