Security at scale: Web application security in a continuous deployment environment

Zane Lackey (18.May.2012 at 15:30)
Talk at phpDay 2012 (English - US)

Rating: 5 of 5

Using PHP in a continuous deployment environment poses a number of unique security challenges. This talk covers the application security tools and techniques Etsy has developed while running a worldwide marketplace at scale. Rather than standard topics like understanding and finding CSRF/XSS/SQLi vulnerabilities, this talk will primarily focus on new and interesting approaches to application security problems. Specifically, this presentation will cover building useful security systems such as automatic vulnerability and application fault detection, effective platform defenses for XSS/SQLi, practical security alerting mechanisms, and visualizations of security-related data.

Comments

Rating: 5 of 5

18.May.2012 at 16:29 by Fabian Erni (58 comments) via api

Good talk. Shows how far and professional you can go in security.

Rating: 5 of 5

18.May.2012 at 17:29 by Tobias Josefsson (44 comments)

Very interesting to hear your thoughts about the issue and get a glimpse of the real deal. Even in a small company, there are many things to be learned from this "bigger picture" with security staff.

By the way, I first found Etsy yesterday and had no idea about what it was. Now I know!

Rating: 5 of 5

19.May.2012 at 10:44 by Lukas Kahwe Smith (25 comments)

Great talk. Finally a talk about security that discusses how an organization can "live" security. Also been a long while since I have seen a presenter make multiple statements that I in my head immediately disagreed with, only to be convinced of the presenter's POV within a few slides.

Some of the "comic relief" slides were maybe a bit hard to get for a European crowd.

Rating: 5 of 5

19.May.2012 at 17:03 by Alberto Aldegheri (8 comments)

A talk on Security, I really needed that, very useful!

Rating: 4 of 5

20.May.2012 at 21:26 by Miro Svrtan (12 comments)

Great speaker with a very interesting perspective on what we developers don't think about enough (at least me :)

Rating: 5 of 5

21.May.2012 at 11:52 by Alessandro Ronchi (16 comments)

"Secure by design", this is the pragmatic precept that summarizes your great talk about how we should develop our software architectures.

Rating: 5 of 5

21.May.2012 at 12:37 by Alessandro Nuzzo (11 comments) via api

Good talk

Rating: 5 of 5

21.May.2012 at 19:49 by Adrian Schlegel (26 comments)

Great talk and very well presented.

Rating: 5 of 5

21.May.2012 at 22:34 by Volker Dusch (44 comments)

Amazing talk. You made time fly, and by the time the talk was over I wasn't quite sure if you had a 30 minute or 60 minute talk, just to realize you made an hour pass without me getting bored at all.

Some very interesting concepts, but most importantly you gave me what I from now on will expect from every security talk: integration in a real world environment.

Showing how an organization that embraces continuous deployment can do meaningful security is amazing.

Rating: 5 of 5

23.May.2012 at 09:27 by Endijs (36 comments)

Very good. Thanks!

Rating: 5 of 5

30.May.2012 at 00:14 by Lorenzo Salvadorini (6 comments)

Great talk! A very interesting presentation of the big work done at Etsy in the security field. Far from the common approach to security through a "ready to go appliance", these guys have made security scale with the business. Thanks Zane, I've learned some big lessons from this talk!