This site is archived.

Programmer

Hacks Happen

Submitted by AmandaGiovanni on Mon, 08/25/2008 - 22:34.

Based on real-world data from thousands of Web application assessments, the presentation will provide a look at the top vulnerabilities that attackers are exploiting to steal corporate and customer data from public and intranet websites.


CommonPlaces, Katalyst and WhiteHat are the only source that can track these trends and deliver a comprehensive, straight-from-the-trenches view of the state of website security.

  • Identify and discuss the latest top ten vulnerabilities, by industry
  • Reveal the new threat that enters the Top Ten for the first time
  • Discuss promising new signs in the fight against website vulnerabilities
  • Present strategies for complete website security

Web Application Canonicalization, Encoding and Transcoding Attacks

Submitted by AmandaGiovanni on Mon, 08/25/2008 - 17:42.
Session time: 08/29/2008 - 09:00 - 08/29/2008 - 10:30

Amanda Giovanni, Director of Enterprise Risk Management of CommonPlaces, Erich Breyrent, VP of Engineering of CommonPlaces, Matthew Nash, Cyber Security Consultant of Katalyst Strategies, and Arian Evans of WhiteHat will present findings from the third quarter 2008 Web Application Security Statistics Report.

Based on real-world data from thousands of Web application assessments, the presentation will provide a look at the top vulnerabilities that attackers are exploiting to steal corporate and customer data from public and intranet websites.

Cross-Site Request Forgery: The Sleeping Giant of Website Vulnerabilities

Submitted by AmandaGiovanni on Mon, 08/25/2008 - 04:01.
Session time: 08/27/2008 - 15:00 - 08/27/2008 - 15:45

Join us for real-life examples and a panel discussion around CSRF with Amanda Giovanni, Director of Enterprise Risk Management of CommonPlaces, Erich Breyent, VP of Engineering of CommonPlaces, Matthew Nash, Cyber Security Consultant of Katalyst Strategies, and Arian Evans of WhiteHat.

Demo: developing rich ajax drupal components with no coding

Submitted by yarokbyd on Mon, 08/25/2008 - 01:53.
Session time: 08/29/2008 - 09:00 - 08/29/2008 - 10:30

Overview

The demo will show Ajax tooling technology from ArtwareSoft.
We will show how you can take your existing Drupal components, such as views and data types, and empower them with a specialized interactive JavaScript UI.
The demo will focus on building the components with no coding, using both a simple WYSIWYG approach for the simple cases and a rich specialized DSL with an Ajax IDE for the more complex cases.

Agenda

* Demonstration
* Discussion about the best ways to facilitate and exploit such a technology in the Drupal community.

Goals

Participants will meet and like the new technique, use it for their needs and contribute more styles, repository controls and Drupal adapters for it.

Resources

Attendees are welcome to bring sample XML files, from which we will together generate the desired interactive views.

Drupal Efficiency: Coding, Deployment, Scaling with NetBeans, DTrace, Zones, ZFS, and Network.com

Submitted by smattoon on Wed, 08/20/2008 - 17:29.
Session time: 08/29/2008 - 09:00 - 08/29/2008 - 10:30

Overview

A survey of open source tools for improving efficiency of Drupal coding, deployment, testing, and system resource utilization.

Agenda

In this session, we'll walk through some typical uses of:
* NetBeans PHP and Drupal plugins
* Deployment to cloud computing service (Network.com)
* DTrace PHP and MySQL probes
* OpenSolaris Zones, ZFS, and integrated AMP stack

Goals

Attendees will get a good intro to the open source technologies coming out of Sun that are most relevant to Drupal.

The Fine Art of Maintaining Multiple Branches in CVS

Submitted by Island Usurper on Wed, 08/13/2008 - 15:57.
Session time: 08/28/2008 - 16:00 - 08/28/2008 - 16:45

Overview

CVS is complicated. Learning how to use it is a challenge. However, it is a necessary tool for anyone wanting to contribute a module or theme to Drupal. Fortunately, there's a lot of documentation on how to use CVS. Unfortunately, there's a lot of documentation on how to use CVS. This session will try to condense all of that down into something we can wrap our heads around.

Agenda

* Quick overview of the basic ideas of version control.
* Walk through the steps to contribute a module.
* Describe the cycle of updating and committing changes.
* Tagging: make an official release!
* Branching, or "Which files am I using now?"

Goals

By the time we're done, everybody should have a higher level of confidence in using CVS. Some people might even have become first-time contributors.

Resources

A CVS account for Drupal's repository will let you participate, but it's not necessary for learnin'.

RDF storage back-ends

Submitted by David Strauss on Wed, 08/13/2008 - 09:16.
Session time: 08/29/2008 - 16:00 - 08/29/2008 - 16:45

Overview

Storage and retrieval of RDF data represent significant departures from traditional relational database semantics. While many APIs exist for storing RDF data in a relational database, they tend to be slow, lacking in data integrity enforcement, or difficult to query.

In this session, we'll consider options for a scalable, easily queryable Drupal RDF system.

I'll bring some of my own ideas, but everyone's invited to bring their own, as well as RDF use cases to consider.

Facebook Application Hackathon

Submitted by Dave Cohen on Sat, 08/09/2008 - 19:57.
Session time: 08/29/2008 - 11:00 - 08/29/2008 - 12:00

There is already a session about Facebook Application development. The session is scheduled for 11am on the 28th. At that time I'll talk about what a Facebook App is and tools for building them on Drupal.

This BoF will be a chance to work with the modules and ask questions specific to your own site. Perhaps even get your site running on Facebook, if you have not tried to do so already.

I'll be there to answer questions and help troubleshoot. So this is a good chance to get started if you haven't worked with Facebook before. And a good chance to ask questions if you're stuck on any particular feature.

If you want to contribute to the Drupal for Facebook project, we can talk about the best ways to do that.

bzr - The Bazaar source revision control system

Submitted by LenZ on Fri, 08/08/2008 - 21:18.
Session time: 08/29/2008 - 16:00 - 08/29/2008 - 16:45

Overview
This talk gives an introduction to Bazaar (bzr) - the distributed source code revision control system developed by Canonical Inc.

Agenda
In this session, Lenz will provide an overview of the general concepts of distributed source code revision control and how Bazaar (bzr) fits into this picture. The bzr terminology and most useful commands will be explained, as well as examples on topics like:

  • Creating a repository
  • Adding files
  • Editing files and committing changes
  • Branching
  • Plugins and extensions, Interoperability with other SCM systems

Goals
Attendees will have a better understanding of how distributed revision control works in principle and how it can be utilized with Bazaar. The basic commands needed to get going will be covered, so users can get familiar with the concept by themselves.

Resources
Some basic understanding of source code revision control systems (e.g. CVS, Subversion) is probably required to make the most out of this session and to understand why Bazaar (or any other distributed revision control system) is superior to these.

How to get a themer to call you the morning after.

Submitted by mortendk on Tue, 08/05/2008 - 11:45.

Overview
It can be hard to look up from the daily work and see what's going on on the other side of the fence.

This will be a talk where themers can express their wishes for module developers and how it could be in an ideal world, and vice versa, to give both parts a good understanding of the challenges that lie ahead in the day-to-day work.

It will be a round talk, so come join and let's share our knowledge of both worlds.

Agenda
* what makes a crappy module for a themer
* what makes a really cool module for a themer
* basic knowledge - what coders can expect a themer / designer knows - is it enough or?
* day to day problems in the theming world
* day to day problems in the coding world
* what "documentation" - can't you just read the code? it's in line 1208

* come all together now... an even better tomorrow ;)

Goals
The goal of this session is to give module developers and theming-css geeks a better understanding of each other's world.

Resources
some experience as a themer / module developer