This will be a live version of my popular blog post of the same name.
This a comprehensive post-mortem of the Drupalgeddon SQL injection bug as experienced on one of my personal web sites. In this talk I'll explain in-depth how the SQL injection bug worked. I'll show the way real hackers used this vulnerability in the wild, and how you can defeat a similar attack on your website. I'll show how I recovered an infected site, and the new security measures I put in place as a result of this security breach. Finally, I'll argue that when all is said and done, this has been a good learning experience for our community, and things could have been a lot, lot worse.
Experience level:
Intermediate
Speaker(s):
Matt Korostoff