Check your version

This video covers a topic in Drupal 7 which may or may not be the version you're using. We're keeping this tutorial online as a courtesy to users of Drupal 7, but we consider it archived.

Alternate resources: 

Tips for writing secure code

Video loading...

Join Drupalize.Me to watch this video

Join today and gain instant access to our entire video library.

Log in Sign up
  • 0:07
    Drupal has many ways to protect us
  • 0:09
    from security exploits if we know how to use them.
  • 0:12
    All the heavy lifting is handled by Drupal if we utilize the functions provided.
  • 0:17
    There are several vulnerabilities that we need to be concerned with.
  • 0:20
    Cross-site scripting exploits the trust a user has for a particular site.
  • 0:25
    For example, someone leaves a comment with JavaScript
  • 0:27
    such that when another person views the page, it gets executed.
  • 0:31
    Cross-site request forgery exploits the trust that a site has in a user's browser.
  • 0:36
    It could be stealing someone's cookie and masquerading as a trusted user
  • 0:40
    or changing the price in a hidden form element in a shopping cart