Great talk covering a large variety of issues that every PHP developer should be aware of. It was nice to see a security talk that was focused on personal experience within the development world.
Good talk, approached the various topics surrounding security simply and clearly (not always easy with this subject area).
Only room for improvement would be to go into more depth about how CSRF and XSS attacks can be exploited in the wild.
Security is a HARD topic to approach and to talk about, correctly. James showed how we can implement simple steps to help achieve a safe and secure approach to web app development. I would love to see some of the topics you touched on in more depth so next time you come talk that would be great :D
James is a confident speaker and the talk was aimed at all levels of developer knowledge. He really engaged with the audience too.
There was a good mix in the talk so that everyone should be able to take something away, from beginners starting out on their first site to advanced developers picking up a refresher on how we need to stay secure.
Thanks James. Hope we'll see you again at PHPDorset
Excellent talk. I really enjoyed listening to James' opinions on security which are built from his experiences. Those insights are valuable for deciding between a solution which sounds good and a solution that works in practice.
The one time token section I felt was particularly important and if I had one suggestion it would be that this bit could be elaborated on more for talks with a longer time frame if that isn't already planned :)
I'm always cautious of security talks as there's so much misinformation but this talk was spot on. Easy enough for a beginner to pick up but still lots of good bits for more advanced developers.