Workshop in English - US at Madison PHP Conference 2016
View Slides: https://ilia.ws/files/madison-security-tutorial.pdf
Short URL: https://joind.in/talk/61167
Application Security Nuts to Bolts
Comments
Excellent talk from an obviously knowledgeable speaker. Was able to answer questions clearly and coherently. Glad I attended. Thank you!
This session alone was worth the price of admission to the whole conference! Ilia really knows his stuff. I left with several ideas of how I can improve my projects and a pile of things to read up on. Thank you!
Great talk - very relatable and informative to anyone building websites or web applications. Ilia is definitely a subject matter expert!
Wow! A lot of great information. Will be processing this for quite a while.
Great talk about PHP security that was both informative and entertaining. I was glad to hear some specific examples of how sites are hacked and hear about new security features in PHP 7.
Good talk and very dense. Again, an addition of demos would be really useful.
Eye opening with deeper insights on how to better code!
Great presentation with very knowledgeable speaker.
This talk was exceptional. It provided me with multiple security touch points & can propose as improvements to our customer base.
Good discussion during presentation. I felt that the level of complexity was just right.
Ilia did a great job explaining a very broad subject of web security. Not only was it in-depth yet easy to understand (a very difficult balance to achieve), but it was honestly entertaining.
I left with a ton of great notes and more prepared to protect my clients.
My only disappointment was that I didn't get to see Ilia hack a site! ;-)
Ilia did a fantastic job illustrating the many possible attack vectors for PHP applications. He emphasized the balance between usability and security as well as the importance of validating / escaping out input and output. I really held on to the fact that no input can be trusted, even when it is coming from a legitimate source - there are simply too many ways to spoof and reflect bad information into a database. The time really flew by and Ilia was very energetic and engaging. In the future I would suggest adding audience participation, perhaps by searching a piece of sample code manually or with one of the suggested tools.