Presentation – Security in Moodle Plugins
Marina Glancy, the Development Process Manager in Moodle HQ has shared a presentation about the security in the Moodle plugins during the MoodleMoot Australia (#MootAu15).
The presentation includes the typical security vulnerabilities and their probable remedial actions like Cross-site scripting (XSS), Cross-site request forgery (CSRF), Privilege escalation (incl. unauthorised access), Information leakage, SQL injection, Command-line and code injection, Illegal files access, Denial of service, buffer overflow, timeout, etc.
Below is the embedded presentation and here is the direct link.
Please share your experience about security of your Moodle site in the comments.