PHP Security & Best Practices



Anonymous at 11:50 on 16 Nov 2013

Obviously, having the right adapter for the projector is critical. Another option for a workaround, when you need your machine for its local DB, etc., is that you could use another machine with the right adapter to remote control (VNC, RDC, TeamViewer, 2X, etc.) the presenter's machine.

The talk seemed frenetic. You mentioned a few concepts and then quickly bounced into various demos (which weren't even demos because of the tech issues), and scrolled quickly through code. You didn't have a lot of context or scaffolding for the audience to follow along and understand.

You didn't differentiate well between different types of sanitization/purification (beyond a quick mention that it does matter whether you are pushing to a DB or to web output), nor, beyond the Bobby Tables comic, did you really show what was going on.

Remember, this is the foundations/beginner track. It's the time to pound out fundamentals. HTML input comes in: what would it look like, how could it cause a problem in the database, how could it cause problems in PHP code, etc.

The hashing/salting/encryption discussion was particularly abstruse because of the handwaving.

You were enthusiastic, though, so that was positive.

Thanks for presenting!
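The distinction the comment above asks for (the same untrusted string is handled differently depending on whether it is going into the database or onto the page) can be shown in a few lines. The example below is added here by the editor; it is not the speaker's code or material from the talk. It assumes PHP with the pdo_sqlite extension, and the two payload strings are constructed for illustration.

```php
<?php
// Added example, not from the talk: one untrusted input, two sinks.
// Assumes the pdo_sqlite extension is available.

// Constructed inputs: a "Bobby Tables" style SQL payload and an HTML/JS payload.
$badName = "Robert'); DROP TABLE students;--";
$badBio  = '<script>alert(document.cookie)</script>';

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');

// Sink 1: the database.
// The vulnerable form builds the SQL text by concatenation:
//   "INSERT INTO students (name) VALUES ('" . $badName . "')"
// With the input above the quote and parenthesis close the VALUES list,
// the rest is parsed as SQL, and "--" comments out whatever followed.
// The fix is not "strip quotes on the way in"; it is to keep data out of
// the SQL text entirely, using a prepared statement with bound parameters:
$stmt = $db->prepare('INSERT INTO students (name, bio) VALUES (:name, :bio)');
$stmt->execute([':name' => $badName, ':bio' => $badBio]);

// The payload was stored as a plain string; the table still exists.
$rows = $db->query('SELECT name, bio FROM students')->fetchAll(PDO::FETCH_ASSOC);

// Sink 2: the HTML page.
// Nothing was stripped on input, so the script tag is still in $rows.
// It becomes harmless only by escaping at output time, for the context
// the value lands in (here: HTML body text, hence htmlspecialchars).
foreach ($rows as $row) {
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    $bio  = htmlspecialchars($row['bio'],  ENT_QUOTES, 'UTF-8');
    echo "<li><b>$name</b>: $bio</li>\n";
}

// Sanity check that the injection did not run: the table is still queryable.
$count = (int) $db->query('SELECT COUNT(*) FROM students')->fetchColumn();
echo "students rows: $count\n";
```

The point worth pounding in on a beginner track is that these are two different escaping rules for two different parsers: parameter binding protects the SQL parser, htmlspecialchars protects the HTML parser, and applying either one to the other sink does nothing useful (an HTML-escaped string is still an SQL injection, and a quote-escaped string is still a script tag). A third sink, such as a shell command or a JavaScript string literal, would need its own escaping again.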

Anonymous at 11:51 on 16 Nov 2013

Seemed very unprepared and disorganized. Disappointed.

Unfortunately didn't seem to know the material or practice ahead of time. Consider having your code demos in multiple locations and be prepared in case you don't have your own laptop or no internet. Good start for your first talk, but work on practicing in front of a mirror.

Of course, not having your own laptop or environment is a huge factor. The presentation itself was a bit weak (slides and information), though the code examples were nice (especially for a beginner track). If Alex could have been a bit more focused on, and familiar with, showing the code examples, even with the technology working against him, I would have rated this 4/5. Unfortunately, he was rattled (understandably so), and that carried through every slide and point he discussed.

Taking into account the fact that it was a borrowed laptop that didn't have the functioning examples, I think that the talk had the potential to be really informational. The points that were outlined were pretty relevant, but it felt like the speaker wasn't that sure of what the code examples should do once he found them.