This site is archived.

Programmer

Automatic Security Testing with Static and Dynamic Analysis

Submitted by bjaspan on Wed, 07/02/2008 - 17:10.

Session time: 08/30/2008 - 15:00 - 08/30/2008 - 15:45

Overview

Most Drupal security vulnerabilities are discovered via manual code reviews or by accident. This session will introduce two automated approaches to detecting Cross-Site Scripting (XSS) and SQL Injection (SQLi) security vulnerabilities and present progress to date in applying them to Drupal.

Dynamic Analysis, or "data tainting," involves tagging actual data within a running program received from untrusted sources as "tainted," propagating the taintedness to any data derived from tainted data, and detecting when tainted data is used in dangerous circumstances. For example, data tainting would detect when any data derived from unsanitized GET request parameters is outputted within HTML.

Static Analysis involves performing data-flow analysis directly on source code to detect when certain kinds of security vulnerabilities are possible. Like Dynamic Analysis it uses a data tainting model but instead of operating within a live running program on real data it studies all possible code paths within a program to identify potential problems.

Agenda

* Conceptual introduction to Dynamic Analysis and Static Analysis
* Advantages and disadvantages of each approach
* Current progress and results with Drupal
** System-wide data tainting using Taint PHP
** Using the Schema API for accurate database tainting
** Development of Taint Trace for easier debugging
** "Run-time static analysis" of Drupal Input Formats

Goals

Attendees will learn how Static and Dynamic Analysis can work to improve program security by automatically detecting XSS and SQLi vulnerabilities.

Resources

This session requires only basic PHP development skills. All Drupal module developers are qualified and encouraged to attend.

Field API and Fields in Core

Submitted by bjaspan on Wed, 07/02/2008 - 16:45.

Session time: 08/29/2008 - 11:00 - 08/29/2008 - 12:00

Overview

The session will introduce the Field API intended for Drupal core. The Field API supports "CCK fields in core" as a new central concept for organizing content as an eventual replacement for the Node API model.

Agenda

* Motivation for Fields in core
* Design goals for the Field API
* Current status of the Field API
* Fields on remote data and the semantic web

Goals

Attendees should leave this session understanding what the Field API is, how it will work, and how to use it to create custom content types programmatically.

Resources

Attendees should be familiar with node types and how to use the CCK user interface to define custom content types with fields.

State of Drupal

Submitted by Dries on Wed, 07/02/2008 - 09:47.

Session time: 08/27/2008 - 09:00 - 08/27/2008 - 10:30

An update on the State of Drupal.

A gentle introduction to Drupal coding

Submitted by add1sun on Wed, 07/02/2008 - 04:24.

Session time: 08/27/2008 - 11:00 - 08/27/2008 - 12:00

Overview

This session is made for folks that are new to coding in general or new to Drupal coding in particular. We'll start off with some basic discussion about working with Drupal as a framework and what that even means. Then we will go through an overview of how Drupal's framework is set up and the various APIs and systems you can work with. This is specifically targeted at people who do not know what FAPI or a "hook" is and are trying to wrap their head around these new concepts. We'll finish up with community resources to help you on your coding journey. The only prerequisite is a curious mind. You don't have to be a l33t hax0r.

Topics to be covered

- How is coding with Drupal different from plain PHP/MySQL?
- Overview of Drupal code base
- What is a hook?
- What is the theme system?
- What is FAPI?
- What is the menu system?
- What about database stuff?
- Coding standards
- Security
- How to learn/get help

Goals

Give people a strong foundation in Drupal concepts from a code perspective as well as pointers to good resources for continued learning.

A Roadmap for Mapping: GIS on Drupal in 2008 and Beyond

Submitted by bec on Tue, 07/01/2008 - 03:35.

Session time: 08/28/2008 - 11:00 - 08/28/2008 - 12:00

Overview

This session will be presented by the maintainers of the Location and GMaps modules. Updated, stable versions of these modules will be released this summer, and we will talk specifically about the capabilities of these modules. We will also address the roadmap for growing these modules into a broader GIS/mapping platform for Drupal.

Agenda

  • GMap and Location updates--stability, new features, API features
  • current GIS/Mapping capabilities with GMap and Location--what we can do with Drupal right now
  • GIS/mapping platform goals--what we want to be able to do with Drupal
  • technical roadmap--a clear technical plan to meet those goals

Goals

The goal of this session is to engage people with the current evolution of Drupal mapping by sharing what is currently possible, and to get community buy-in on Drupal as a GIS/mapping platform by presenting a clear set of goals for the near future.

Resources

The State of Geospatial in Drupal:
http://groups.drupal.org/node/12485

Drupal mapping group:
http://groups.drupal.org/mapping

Location module:
http://drupal.org/project/location

GMap module:
http://drupal.org/project/gmap

Geo module:
http://drupal.org/project/geo

OpenLayers module:
http://drupal.org/project/openlayers

Imagefield Gallery -- A path to easy galleries in Drupal

Submitted by EclipseGc on Tue, 07/01/2008 - 00:48.
Session time: 08/28/2008 - 11:00 - 08/28/2008 - 12:00

Overview:

Imagefield Gallery is a module that's been around since shortly before Drupalcon Boston. I created it with the intent of making gallery management for an existing site easy for single nodes. Since that time others have used it for their own sites, and have extended it to work with proprietary gallery types that have not been contributed back. I would like very much to introduce the Drupal community at large to Imagefield Gallery and encourage them to help develop it in a direction that could be beneficial for ALL of Drupal, not just a small subset.

As stated above, Imagefield Gallery's primary purpose is to create galleries on a node from an existing imagefield. The new 2.x version cleans up the admin, and is striving to squash some old bugs, and add new features. In development is the ability to do node references, as well as a new gallery type. Imagefield Gallery makes creating new gallery types pretty easy and straightforward. These gallery types are re-usable in a large number of instances and allow the site administrator to customize gallery types per content type.

Agenda

  • Current Capabilities
  • What I'd like to see donated by the community
  • What about D6?
  • What could the future hold?

Goals

Ultimately the objective of this session is to introduce Drupal at large to the Imagefield Gallery module, and show them what it can do for them. With some help I believe Imagefield Gallery can fill a significant void in the current Drupal codescape and give Drupal a varied and significant gallery system upon which to draw.

Resources

Project Page:
http://drupal.org/project/imagefield_gallery

Development/News Blog:
http://www.worxco.com/blog-categories/imagefieldgallery

Drupal 6 menu system - architecture, do, don't and tricks

Submitted by pwolanin on Mon, 06/30/2008 - 04:32.

Session time: 08/27/2008 - 16:00 - 08/27/2008 - 16:45

Overview

The Drupal 6 menu system has a fundamentally different architecture from what was present in Drupal 5. This session is designed to highlight the key features of the new system, and give some code-level examples of how to use them well and what to avoid.

Agenda

* How does Drupal 6 serve paths and render links
* When are the menu hooks called
* When to define a router item
* Examples of bad code
* Examples of good code
* Advanced tricks and tips

Goals

By the end of this session I hope you will have thrown off the shackles of your Drupal-5-based thinking about the menu system and be ready to use the features and be aware of the limitations of the Drupal 6 menu system.

Resources

You should be familiar with writing a hook_menu implementation and preferably the {menu_router} and {menu_links} tables to get the most out of this session.

BoF: Porting contrib modules to D6.x

Submitted by demeester_roel on Sat, 06/28/2008 - 15:59.

Overview

Drupal 6 has been out for almost 5 months now, but a lot of modules haven't been ported to D6. Yet people seem to be screaming for them, and with CCK and Views 2 almost being ready, maybe it's time to join forces and help out other contrib module maintainers.

Agenda

  • This is an all-day code hacking session!
  • Introduction on porting. What, Why and How?
  • Agenda of the day. How will we succeed?
    • Choosing the modules
    • Get help
    • Contribute patches
  • We expect to port 1 module for every 2 attendees

Goals

Although it's nice that all attendees will become known as experts in Drupal module porting, our ultimate goal is to get as many modules ported as possible by the end of the day.

Resources

Making a Digg/Reddit/Propeller clone using Drupal

Submitted by secgeek on Sat, 06/28/2008 - 14:25.

Making a Digg/Reddit/Propeller clone with Drupal

Today, user-submitted story sites are very popular. Some examples are Digg, Reddit, Propeller, etc. In this session I am going to show how to create such a site using Drupal and available modules.

Agenda

* Architecture of a social site.
* How to use Drupal?
* Available modules.
* Customization of modules to achieve the needed functionality.

Goals

In the end, attendees will have knowledge of Drupal and its modules, which they can use to build such sites and create their own.

Resources

none.

Testing, part 2: Awesome testing party!

Submitted by webchick on Sat, 06/21/2008 - 15:51.

Session time: 08/28/2008 - 09:00 - 08/28/2008 - 10:30

Overview

So now that you understand the basics of testing, it's time to put that knowledge to the test (heh, heh) -- and win awesome prizes!

This session is a working session for all developers to come and have fun writing tests. If you know any PHP, this session is for you!

Agenda

* All attendees break into pairs.
* Hand-outs with testing instructions will be provided, and experts on hand to run around answering questions.
* Index cards are provided with a list of Drupal core functions on them that lack tests.
* Run up, grab a card, sit down and write a test with your partner.
* When it's done, submit a patch, grab another card.
* Dorky prizes will be given away for things like most tests written, most well-written test ;), craziest function that had to be tested, etc.

Goals

The goal of this session is to provide a fun environment for people to learn the ropes of testing and contributing to core, to work directly with some of the big names in the Drupal community, and possibly to even get some actual work done! ;)

Resources

While not mandatory, you'll have an easier time in this session if you're familiar with the basics of testing. Luckily, Testing, part 1: Intro to testing will give you all the tools you need. :)