Talk in English - US at Northeast PHP 2012
View Slides: http://www.slideshare.net/mikestowe/php-security-101
Short URL: https://joind.in/talk/5cb48
PHP Security 101
Great overview of how to approach security
Wow - I loved this. Nice job Mike!
Talk was good about security and validation for data. I feel though the questions from the audience were better. Hiding architecture and security rifts from would-be hackers to attack, I would love to have a more sound strategy about this. Overall a good talk; it would be great to take away from this talk that the simplest security is usually the best.
Great job! Very good talk, it was engaging and informative. Thanks!
There were some serious flaws with the talk, namely the fact that he claimed that md5 was an acceptable algorithm for hashing passwords, and mentioned salting them almost as an afterthought.
The talk provided a good overview of some security basics, but was targeted at the beginner PHP developer. There were a couple of critical oversights and mistakes, most obviously being the statement that MD5 is the industry standard password hashing algorithm. There was no mention of the serious flaws with MD5 and the ease with which collisions can be found. There was only a passing mention of salt and no discussion of user versus general salts. There was no mention of the TRUE industry standards of sha256+ or bcrypt. The information that WAS provided is misleading at best and breathtakingly dangerous at worst.
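The bcrypt-with-per-user-salt approach this comment contrasts with MD5, as an added example (not code from the talk or from the commenter): it hashes new passwords with PHP's password_hash(), verifies logins, and transparently upgrades legacy md5(salt . password) records on successful login. It assumes PHP 7.1+ and that records carry a `scheme` field; the `verifyAndUpgrade` helper and the sample record are constructed for this example.

```php
<?php
// Added example, not from the talk. Assumes PHP 7.1+ (password_hash, short list syntax).

const BCRYPT_COST = 12;

// Hash a new password with bcrypt. password_hash() generates a random
// per-user salt and embeds it (with the cost) in the returned string,
// so no separate salt column or application-wide salt is needed.
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Verify a login against a stored record (assumed shape: ['scheme' => 'md5'|'bcrypt', ...]).
// Legacy md5(salt . password) records are checked the old way and, on success,
// re-hashed with bcrypt so the caller can persist the upgraded hash.
// Returns [bool $ok, ?string $newHash]; $newHash is non-null only when the record should be updated.
function verifyAndUpgrade(string $password, array $record): array
{
    if ($record['scheme'] === 'md5') {
        // hash_equals() compares in constant time, avoiding a timing side channel.
        $ok = hash_equals($record['hash'], md5($record['salt'] . $password));
        return [$ok, $ok ? hashPassword($password) : null];
    }

    $ok = password_verify($password, $record['hash']);
    // Also upgrade bcrypt hashes that were created with a lower cost factor.
    $rehash = $ok && password_needs_rehash($record['hash'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    return [$ok, $rehash ? hashPassword($password) : null];
}

// Constructed sample: a legacy record as a 2012-era app might have stored it.
$legacy = ['scheme' => 'md5', 'salt' => 'a1b2c3', 'hash' => md5('a1b2c3' . 'correct horse')];

[$ok, $newHash] = verifyAndUpgrade('correct horse', $legacy);
var_dump($ok);                      // login succeeds against the legacy hash
echo substr($newHash, 0, 7), "\n";  // bcrypt identifier and cost prefix of the upgraded hash

$upgraded = ['scheme' => 'bcrypt', 'hash' => $newHash];
[$ok, $newHash] = verifyAndUpgrade('wrong password', $upgraded);
var_dump($ok, $newHash);            // wrong password: no success, no rehash
```

The upgrade-on-login pattern lets an existing user table move off MD5 without forcing a password reset; records that never log in again should still be invalidated by policy.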
Very good speaker, good slides. Like others, I was surprised at the response to md5...
The "101" is misleading; this was a very informative presentation with a lot of general concepts and practices presented. The coward "anonymous" above completely missed the point obviously, which is not about which encryption scheme is boss, but that you should validate and inspect all your inputs. Not all of us are beset by hackers; some of us just have minor mischief and blowups.
Great for beginners! But had serious flaws.
This talk was excellent. I've done very little with security but a great deal with PHP. Speaker brought a lot of concrete ideas with concrete code. Engaging; excellent speaker.
I'm in charge of advancing my dev team's security prowess, and I will definitely be using some of the things I learned in this presentation. Mike clearly knows his stuff.
Both of the talks that I went to presented by Mike were very useful and of the two (the mobile conversion being the other) I took the most away from this one that I can apply in my present job.
Security is always a tedious topic to those of us who just want to get on with the business of delivering content. But this talk did a wonderful job of reminding us all of the nature of the World Wild Web. Thanks for putting such an entertaining spin on the topic by putting it in the context of the jailer's viewpoint.
Good takeaways, especially regarding proactive prevention and regular monitoring. But, can we put it into practice? Proactive discipline in the workplace is difficult. Strategies on how to implement and sell this approach to executives would be cool. He correctly made the argument that it was cheaper to address security before the inevitable breach. Need examples on ROI and making it so. Mike had a good balance of stories and actual code.
Great talk and validates the work that I've been doing on my sites... like the warm feeling that you're on track with addressing such an important topic!
I guess what some have missed is that it's 101 security, so of course for some it will be basic. I'm cool with basic; sometimes that's the best place to start. Aside from some microphone issues, I think the talk was good. There were a few things that went over my head, but then again I don't claim to be a whizbang PHP developer.
Even with the MD5 thing, I think this was a great talk for these two reasons: (1) the speaker had humorous anecdotes that tied into the topic and kept it from being too dry, and (2) useful information was communicated. There are too many speakers around who can only do one of those: be humorous and impart no useful information, or have a boring delivery in giving good content. I think that Michael would have shone as the first day opening keynote talk with this subject. And it actually mentioned PHP!
Some tough comments there for a very good talk that emphasized multiple approaches to security working together, rather than one single approach. Michael made it clear there is no one thing that's going to make your site secure. A valuable session.