This is partially a continuation of yesterday's post on Growing Drupal contributors and the project application process.
Over the next 2 months there are at least five great ways you can learn about security in Drupal.
Mentoring for project application reviewers
If you do a project application review (learn what/why) I will gladly mentor you in how to do the security review portion of that review. There are a few things I tend to look for, and I'm not perfect in what I do, but the more people who learn how to do it the better. I think a one-on-one mentoring would be really helpful in this regard to give people the confidence to look for security issues themselves. It would be helpful if you have already read writing secure code in the Drupal handbook and/or my book on security. So, this counts as two ways: free mentoring and links to free documentation and a paid book ;)
In my role as Directory of Security Services at Acquia I've had some time in the last weeks to do a lot of reviews on new modules (focused on security). However in the next weeks I have a pretty busy schedule so I'm looking to expand the pool of folks who are knowledgable enough and willing to do these security reviews.
Obviously I have to balance this program with normal work, but I am dedicated to up to one person per day. So, if you are interested in this let's follow the process I laid out on groups.drupal.org.
This past weekend was BADcamp in Berkeley, California. We had back to back security sessions. I presented review of how Drupal Security compares and fellow Drupal Security Team member Matt Chapman delivered keeping your site secure. The BADCamp folks recorded all the sessions and will be posting videos in the coming weeks.
Webinar on security: Tuesday the 25th
On October 25th at 1PM New York Time I will be giving a webinar about security. It will be a quick review of some important topics:
- General security theory
- Comparison of Drupal to other CMS options
- How to identify common mistakes with the Security Review Module
- Benefits of a security audit
I'll be sharing best practices for protecting your Drupal site against common security attacks. This session will include a discussion of some of the most common vulnerabilities he's discovered when auditing sites and the best tools to overcome them.
Drupal Training at Drupalcamp Austin
The amazing folks in Austin are putting on Drupalcamp Austin again this year and they've decided to add a training component integrated into the camp days. So, on Saturday November 19th from 8:45 to 12:15 I will be delivering an in-depth "let's look at code" Security Training.
And no doubt there will also be some security sessions at Drupalcamp Austin.