Massive Security Analysis: Auditing 10,000 Drupal Contrib Modules

Kate Kligman

I analyzed over 10,000 Drupal modules using advanced static analysis tools. This session will cover what I found along with common issues in contrib, security concerns, and how to perform your own analysis of a large code base.

Topics include:

  • Consistent problems with Drupal modules and how to solve them.
  • Using aggregated Drupal CVE (Common Vulnerabilities and Exposures) reports to detect common patterns of failure.

  • Static analysis tools for PHP and JavaScript.

Session Track

Coding and Development

Experience Level


Drupal Version