During this workshop we'll be going more in-depth into how to audit a Drupal site. We'll be using OWASP ASVS 2014 and a Drupal 7 site which participants will have to prove to be vulnerable. During this interactive workshop we'll be discussing and demonstrating basic and advanced examples of the following vulnerabilities: Injection of various kinds (JavaScript, HTML, SQL, XML, etc) Missing Authentication or Authorization Cross Site Request Forgery (CSRF) Denial of Service Abuse of functionality Information Leakage and more. A laptop with VirtualBox installed is advised.