Comments
Apart from a few hints, I didn't feel much was shown, just pointers as to what to watch for. Obviously I'll be looking at OWASP for example, that's for sure, but it was a bit limited in terms of practical examples...
Good overview of some of the tools available to help ensure security best practices. I think more concrete examples of what types of attacks these things prevent and/or how different attacks exploit vulnerabilities would make this a more exciting presentation.
The blue text is hard to read on the grey background.
As for writing secure PHP applications, I felt that we should have seen more practical tools or approaches.
We ended up seeing neither concepts nor tools/techniques.
Heard of some things to avoid to help make applications more secure as well as saw links to places to keep up to date with new vulnerabilities.
I wish I could have seen more code examples.
I was expecting something new about security but there were the usual suspects.
The delivery was acceptable. I think this wasn't a session for me.
I was disappointed by this presentation. All I wrote down was: encrypt sessions, encrypt passwords, don't display PHP default error messages to avoid revealing the full directory structure of the application, have everyone code the same way (for validations)...
To me that was too general, with a lack of real-life examples, and the first half of the presentation could be revisited to "compress it" (people already know why security is important) and focus more on securing PHP applications.
I liked the section about avoiding the use of md5, sha1 though.
This session should be named "Writing Secure PHP Applications -- For Beginners"...
I was expecting way more from this session.