A Weekend full of Hacking - and Securing
Our CEO Joe visited the Drupal HackCamp in Bucharest at the beginning of June and experienced a great Drupal event. The event was mainly organized by Softescu, a digital agency from Romania, and the main topics were security and security-related issues.
Jasper Mattsson from Druid, who discovered the Highly Critical Remote Code Execution in Drupal (SA-CORE-2018-002) #drupalgeddon2, held a keynote, which was one of Joe’s favorite sessions. Jasper talked about how to find and report bugs, and made a very important appeal: do not post your finding in the regular Drupal issue queue, but follow the instructions on how to report a security issue instead. Otherwise, attackers will start their attacks before the issue has been fixed.
A day earlier, on Saturday, Drupal Security Team member Peter Wolanin once again explained, in a great session with more depth and background, 10 ways in which Drupal 8 is more secure. Peter’s knowledge and examples were very impressive, and Joe thinks that all Drupal developers should have know-how like this.
On Friday, Lockr.io CEO Chris Teitzel won Joe over with his nice session “With great power comes great responsibility”, by talking about responsibilities and a culture of security for developers, their teams and finally their clients.
Bastian Widmer from Amazee.io held his session about “How open source will help you to survive the next drupalgeddon”, and analyzed deeper layers and how you can strengthen your whole setup.
Besides these and many more excellent sessions and discussions, the HackCamp satisfied its visitors with great social events: while the weekend started with a rooftop bar and a club visit, the second day was dedicated to a city tour and a dinner together. The perfect ending to the weekend was a visit to the thermal bath in Bucharest.
All in all, it was a joy to hear about Joe’s experiences and learnings, and there’s one clear conclusion: such a security-related Drupal event should absolutely take place again.
Inspired by that, we are going to support and actively realize plans for other security-related events this year. If you want to be part of it or just want to learn more, ping us!