video

Video-cast: Drupal as a profession

18 March, 2010
Below is the screencast for a presentation I gave at the Sacramento Drupal Users Group on Saint Patrick's Day 2010, titled "Drupal as a profession". (I apologize ahead of time for my lack of public speaking skills, hopefully you'll find this information helpful in spite of this!)

UPDATE: I highly recommend listening to this presentation given at Drupalcon San Francisco in addition to my presentation above: "YOU SHALL NOT PASS: Managing Expectations and Boundaries of Clients"

Drupal security: video example of user account hijacking with XSS

2 March, 2010
In this short screencast a variety of security holes are shown, as well as some malicious things which are made possible due to these lapses. We'll take a walk-through of two security issues showcased in the vulnerable.module, as well as two other exploits which I put together:
  • User account hijacking via cookie/session XSS thievery
  • User account hijacking via password-changing-inline-XSS

It's worth noting that in the screencast we demonstrate security exploits in the context of a Drupal installation which uses custom code (i.e., the examples in the video do not represent actual vulnerabilities in Drupal core). Likewise, these exploits and security holes potentially apply to any web site, Drupal or not, which accepts user input.

Links
Cracking Drupal (also, my review)
Drupal.org: Writing secure code
xssed.com

Drupal Acceptance/QA Testing with Selenium - Screencast

6 October, 2008
Background
For the past 6 months I've been lucky to be part of the development team for the newly launched Yoursphere.com, a Drupal-powered social networking site which "provides one of the safest online destinations for youth ages 9 through 18 to interact*". To say that Yoursphere is the most customized Drupal site I've worked on would be quite an understatement. One example of that, and the subject of this article, is the user registration system: it went from the standard single page to one which uses 4 unique user creation forms integrated within several possible 'registration flows'. The most complex of these involves two of the user creation forms, 8 total screens and third-party identity verification.

Besides being an opportunity to get to know hook_user real well, at the end of creating this system we were left with a larger-than-normal nightmare of, "Wow, I wonder if my new small change just exploded the entire registration system for the site. Hmmmmmm."

Deciding on acceptance testing / Selenium