I'll be sharing our agency experience of developing secure web applications for some of the UK's leading high street banks and brands with a focus on the pitfalls you face when developing code in PHP. The talk will contain specific details on the many attack vectors that hackers will use to attempt to access and exploit your site and how you can improve your development process to avoid them.
Topics covered will include some old chestnuts like XSS (Cross Site Scripting) and SQL injection through to issues like XSRF (Cross Site Request Forgery) and Session Hijacking.
The talk is aimed at developers who have perhaps not truly considered the security of their applications before, through to developers who would like to extend their knowledge. The talk is aimed at software developers and will contain practical code-based examples and solutions.
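As an added illustration of the XSS topic in the abstract, and specifically of the injection into the href attribute that attendees below single out, here is example PHP written for this page (it is not code from Paul's talk; the function names and the sample inputs are constructed for the illustration). It shows why output escaping on its own does not stop a script-URL payload in a link, and a scheme allowlist that does:

```php
<?php
declare(strict_types=1);

// Added example (not from the talk): why escaping alone does not stop
// injection into an href attribute, and a scheme allowlist that does.

// Vulnerable form: output escaping only. htmlspecialchars() neutralises
// quotes and angle brackets, but "javascript:alert(1)" contains neither,
// so it passes through intact and the browser treats it as a script URL.
function link_escaped_only(string $url): string
{
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<a href="' . $escaped . '">link</a>';
}

// Hardened form: normalise the way a browser does, allow only known
// schemes (or relative URLs), then escape. Unknown schemes become "#".
function safe_href(string $url): string
{
    // Browsers drop ASCII tab/LF/CR anywhere in a URL and strip leading and
    // trailing C0 controls and spaces before parsing, so "java\tscript:"
    // would slip past a naive prefix check. Do the same normalisation first.
    $normalised = str_replace(["\t", "\n", "\r"], '', $url);
    $normalised = trim($normalised, "\x00..\x20");

    // Anything with a scheme must be on the allowlist; relative URLs pass.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $normalised, $m) === 1) {
        $scheme = strtolower($m[1]);
        if (!in_array($scheme, ['http', 'https', 'mailto'], true)) {
            return '#';
        }
    }
    return htmlspecialchars($normalised, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function link_safe(string $url): string
{
    return '<a href="' . safe_href($url) . '">link</a>';
}

// Constructed inputs for illustration.
$inputs = [
    'https://example.com/page?a=1&b=2',         // allowed; & is escaped to &amp;
    '/relative/path',                            // allowed: no scheme
    'javascript:alert(document.cookie)',         // blocked by the allowlist
    "  java\tscript:alert(1)",                   // blocked once normalised
    'JAVASCRIPT:alert(1)',                       // blocked: scheme compared case-insensitively
    'data:text/html,<script>alert(1)</script>',  // blocked: data: is not allowed
    'javascript&#58;alert(1)',                   // harmless after escaping: & becomes &amp;
];

foreach ($inputs as $in) {
    printf("input:   %s\nescaped: %s\nsafe:    %s\n\n",
        addcslashes($in, "\0..\37"), link_escaped_only($in), link_safe($in));
}
```

The same allowlist check belongs on every attribute that takes a URL (src, action, formaction), not just href; the "#" placeholder is a choice for the example, and rejecting the request outright is equally valid. Note that the last input is defused by escaping alone, because the browser decodes entities in the attribute before parsing the URL and htmlspecialchars() turns the "&" into "&amp;"; the two layers are complementary, not interchangeable.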
Great talk. Paul covered those things we already know in order to reinforce their importance and to make sure that every aspect of those vulnerabilities was understood - necessary to avoid complacency.
Comprehensive coverage of different flavours of common vulnerabilities with deliberately short code examples.
One of those talks where you walk away with new things to try, but also a few jobs to do. Would like to see the extended version of this covering XSRF and more.
I liked the talk although I was a little disappointed that it was the usual suspects that were covered. Having said that I understand why they were. The topics were well covered and it's good to be reminded of the security aspects. Thanks.
Good talk and well delivered, though frustrating that there wasn't nearly enough time to give the topics enough depth; this was no fault of Paul's and I'd like to see him talk again on this topic in a longer time slot.
Well delivered recapitulation of the most important security rules. Again, the whole day could be easily spent on going into more details but I liked that Paul just picked the ones he believed were the most important and only focused on them which prevented turning the talk into a fast forward slideshow.
Even though I knew most of the stuff it's good to get them hammered in every once in a while because it's just so important, and as Paul correctly said we tend to get a bit complacent over time when it comes to security.
Paul is a very good speaker; very confident, relaxed and really knows his stuff. I liked this presentation a lot!
A nice short introduction to php/web security with a lot of good and valid points, getting in some of the promised 'from the field' experience but not as much as I had hoped for.
It was a very nice unconf talk and I'd like to see the 45/60 minute version at unconf EU or some other conference!
One of the best talks of the conference - I wish Paul had had a full hour, no, 2 hours to go through his material. Really fascinating subject, excellently presented and with clear code examples to boot.
A note to the conference organisers - this really should have been moved to the Saturday - people need to know this stuff.
A very good talk from a quality speaker. This talk really should have been given more time but credit to Paul for managing to squeeze so much into the short timeslot :) I thought the examples he gave were some of the clearest I've seen on a number of well-known but often less-well understood attack vectors and he had some interesting points (such as [removed] protocol urls) that are often forgotten about.
A subject more deserving of a week's training than a half hour talk, but Paul presented the main topics clearly, discussed them well and kept things focussed and to the point throughout. I even learnt something new in respect of the injection attacks into the href attribute, and the only negative point to make is that I now have to start combing my code base to see if there are any vectors for that particular issue!
It did cover the basics instead of more complex security problems, but then with those being the top reported security holes it made sense (this was explained in the talk).
I think this talk would be much better suited for an hour slot instead of 30 mins. That way the basics can be covered in the first half, with the remaining spent on more complex security holes like CSRF.
09.Oct.2011 at 10:39 by Ben Nuttall via api
Fantastic talk, brilliant speaker, really useful points and well researched security issues discussed.