Based on real-world data from thousands of Web application assessments, the presentation will provide a look at the top vulnerabilities that attackers are exploiting to steal corporate and customer data from public and intranet websites.
CommonPlaces, Katalyst and WhiteHat are the only source that can track these trends and deliver a comprehensive, straight-from-the-trenches view of the state of website security.
Join us for real-life examples and a panel discussion around CSRF with Amanda Giovanni, Director of Enterprise Risk Management of CommonPlaces, Erich Breyent, VP of Engineering of CommonPlaces, Matthew Nash, Cyber Security Consultant of Katalyst Strategies, and Arian Evans of WhiteHat.
Overview
The demo will show Ajax tooling technology from ArtwareSoft.
We will show how you can take your existing Drupal components, such as views and data types, and empower them with specialized interactive JavaScript UI.
The demo will focus on building the components with no coding, using both a simple WYSIWYG approach for the simple cases and a rich specialized DSL with an Ajax IDE for the more complex cases.
Agenda
* Demonstration
* Discussion about the best ways to facilitate and exploit such a technology in the Drupal community.
Goals
Participants will meet and like the new technique, use it for their needs and contribute more styles, repository controls and Drupal adapters for it.
Resources
Attendees are welcome to bring sample XML files, from which we will together generate the desired interactive views.
Overview
In this roundtable format we'll discuss the unique challenges of penetrating the enterprise IT market for CMS. An architectural approach is essential to overcoming these challenges. We'll discuss our experiences in delivering solutions in large enterprises and try to identify a handful of architectural best practices for positioning Drupal as the right choice.
Agenda
Technology adoption patterns within large enterprises are complex and often focus on risk mitigation over value creation and agility. Breaking out of this trap and presenting Drupal as ready for the enterprise requires some knowledge of Enterprise Architecture. We'll discuss experiences using different techniques such as
* Requirement Analysis
* Decomposition
* Modeling
* View point hopping
* Benchmarking
* Running Proof-of-Concepts
As a jumping off point, we'll reference certain tools and studies sponsored by Sun Microsystems for benchmarking and designing Drupal architectures.
Goals
Attendees will meet others interested in enterprise adoption of Drupal, and can build the community focused on this market. Ideally, a set of best practice architectural approaches to positioning Drupal in the enterprise will come out of this session.
UPDATE: Yes, I brought bribes! Themers, designers, coders, users: we want your feedback on our new book, "Front End Drupal." Bring your ideas, enter yourself in a draw for a copy of the book AND get a free Flickr Pro account. This BoF is on the THIRD FLOOR (stay on the lunch side and go up four levels) at 3PM TODAY (Friday).
Konstantin and Emma are writing a new book, "Front End Drupal" for Addison Wesley. We hope it will provide designers with a great dead-tree-media reference and inspiration on how to theme Drupal 6. We're very excited to be writing it! True to the open source ethos of, "release early, release often and listen to your customers" we'd like to give you a sneak peek at the book we're working on.
Come and give your two cents on our chapters to date, and throw some of your own ideas into the hat on what you think would make a great book!
PS By attending this session you will be eligible to WIN A FREE COPY of Front End Drupal! Yay! Winning! Free stuff!
Overview
CVS is complicated. Learning how to use it is a challenge. However, it is a necessary tool for anyone wanting to contribute a module or theme to Drupal. Fortunately, there's a lot of documentation on how to use CVS. Unfortunately, there's a lot of documentation on how to use CVS. This session will try to condense all of that down into something we can wrap our heads around.
Agenda
* Quick overview of the basic ideas of version control.
* Walk through the steps to contribute a module.
* Describe the cycle of updating and committing changes.
* Tagging: make an official release!
* Branching, or "Which files am I using now?"
Goals
By the time we're done, everybody should have a higher level of confidence in using CVS. Some people might even have become first-time contributors.
Resources
A CVS account for Drupal's repository will let you participate, but it's not necessary for learnin'.
Overview
Storage and retrieval of RDF data represent significant departures from traditional relational database semantics. While many APIs exist for storing RDF data in a relational database, they tend to be slow, lacking in data integrity enforcement, or difficult to query.
In this session, we'll consider options for a scalable, easily queryable Drupal RDF system.
I'll bring some of my own ideas, but everyone's invited to bring their own, as well as RDF use cases to consider.
Overview
This talk gives an introduction to Bazaar (bzr) - the distributed source code revision control system developed by Canonical Inc.
Agenda
In this session, Lenz will provide an overview of the general concepts of distributed source code revision control and how Bazaar (bzr) fits into this picture. The bzr terminology and most useful commands will be explained as well as examples on topics like:
Goals
Attendees will have a better understanding of how distributed revision control works in principle and how it can be utilized with Bazaar. The basic commands needed to get going will be covered, so users can get familiar with the concept by themselves.
Resources
Some basic understanding of source code revision control systems (e.g. CVS, Subversion) is probably required to make the most out of this session and to understand why Bazaar (or any other distributed revision control system) is superior to these.
Overview
This session will be a brainstorm on VAT, taxes and price modifications in Übercart.
There are about 32123 or so different rules for taxing worldwide, and each country has its own obscure rules...
And then there's the growing need for individual pricing of products for a specific client base (read: role), and of course combinations of these
and .... [insert your own need for modification of a price ;) ]
But no more will we struggle with this: come join the battle plan + a presentation of a possible solution for these problems.
Agenda
* price based on a role
* tax modification - different country different rules
* short presentation on a "modify-price-by-tax-or-role-or module"
* anything else?
Goals
To create the end-all, be-all solution for displaying and working with price in Übercart.
Overview
A discussion about the findings of the two formal usability tests conducted on Drupal, possible resolutions, and methods for building usable applications.
Agenda
* Recap of the top usability issues
* The Drupal Audience - Personas defined
* Possible Resolutions
* low hanging fruit (easy, impactful fixes)
* high hanging fruit (harder, but important fixes)
* Methods for user centered checks and balances
Goals
The goal of this BoF is to discuss the usability findings and offer up solutions that will make Drupal more usable for new and seasoned users. We'll present ideas, talk about our audience via personas, and highlight methods for achieving more usable results in the future.
Resources
No required resources, although it would be helpful to familiarize yourself with the two usability studies, which can be found on drupal.org (http://buytaert.net/tag/usability).