How they crack Drupal




Evgeniy Maslovskiy
@Spleshka

About me


Team Lead at BrightSolutions GmbH

Author of drupalace.ru

Maintainer and co-maintainer of several modules:
  • path breadcrumbs
  • memcache storage
  • profile2
  • cache expiration
  • etc.

Not a security freak
 



Security




Secure website

He forgot to filter HTML output




TIME FOR VIDEO


Is the site secure now?

NO

Another feature request...




TIME FOR VIDEO

Google Spreadsheet







=image("example.com/image.jpg")

Huge bills and reduced bandwidth

Drupal page cache



http://example.com

http://example.com?data=1

http://example.com?data=2





Site crashes

Spreadsheet + Page cache





=image("http://example.com?data=" & RAND())
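Detection logic for the two techniques these slides describe, as an added example and not the presenter's code: it parses combined-format web server log lines, flags any path requested with many distinct query strings (the signature of the RAND() cache-busting trick against Drupal's page cache, which keys on the full URL including the query string) and lists clients that successfully fetched CHANGELOG.txt. The log lines, client addresses and the FetcherBot user agent are constructed for the example.

```python
import re
from collections import defaultdict

# Apache/Nginx combined log format; constructed sample lines follow below.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Split one combined-format line into ip, path, query, status, ua; None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {"ip": m.group("ip"), "path": path, "query": query,
            "status": int(m.group("status")), "ua": m.group("ua")}

def find_cache_busting(lines, threshold=5):
    """Paths hit with more than `threshold` distinct query strings.

    Drupal's page cache keys on the full URL, so every new ?data=<random>
    value misses the cache and forces a full bootstrap; a flood of unique
    query strings on one path is the signature of the RAND() trick."""
    queries = defaultdict(set)
    for rec in map(parse_line, lines):
        if rec and rec["query"]:
            queries[rec["path"]].add(rec["query"])
    return {p: len(q) for p, q in queries.items() if len(q) > threshold}

def find_version_probe(lines):
    """Clients that successfully fetched CHANGELOG.txt (Drupal version disclosed)."""
    return {rec["ip"] for rec in map(parse_line, lines)
            if rec and rec["path"].endswith("/CHANGELOG.txt") and rec["status"] == 200}

# Constructed sample log: eight cache-busting hits from one client, one
# CHANGELOG.txt fetch, and two ordinary page views for contrast.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2013:13:55:{i:02d} +0000] "GET /?data=0.{1234 + i} HTTP/1.1" '
    f'200 5120 "-" "FetcherBot/1.0 (constructed)"'
    for i in range(8)
] + [
    '198.51.100.4 - - [10/Oct/2013:13:56:01 +0000] "GET /CHANGELOG.txt HTTP/1.1" 200 98304 "-" "curl/7.29.0"',
    '198.51.100.9 - - [10/Oct/2013:13:56:05 +0000] "GET /node/1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2013:13:56:07 +0000] "GET /node/1?page=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print("cache-busting paths:", find_cache_busting(SAMPLE_LOG))   # {'/': 8}
    print("version probes from:", find_version_probe(SAMPLE_LOG))   # {'198.51.100.4'}
```

Running the two checks over the real access log is the quickest way to tell whether the bandwidth bill is coming from unique-query floods that bypass the page cache, and whether the core version has been read through CHANGELOG.txt.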

CHANGELOG.TXT


Drupal version

List of used modules

Modules' versions

Security issues



Too easy





Questions?


@Spleshka
