Gary's talk was great. I know a lot of the stuff there, but with talks like this there is always going to be things you don't think about, and even the stuff you know is a great idea to get reminded about - it is too easy to forget about security sometimes.
Great delivery, and I personally think it was a good level talk to allow attendees of all experience - even I got something from it! :) Thanks Gary for taking the trip down to our user group.
The OWASP list hardly changes form year to year. Things aren't improving despite there being plenty of libraries and solutions to drastically reduce the exposure to security vulnerabilities.
In an attempt to educate developers, Gary's talk covers each of the top ten vulnerabilities, with a description of what they are, how they are exploitable and how the risk can be mitigated.
It takes years to get a solid understanding of security, so an hour presentation can only scratch the surface, but this is a great talk that everyone working in development should see.
A great talk and relevant way beyond just PHP. It was pitched nicely to be both points for those starting out to consider with their coding and a gentle reminder for experienced programmers to think about their coding and perhaps revisit the reasons they do things certain ways.
I thought Gary's talk was generally easy to follow and was paced well. He was cheery and confident, making for a smooth and fun presentation. I liked the advice he gave, pointing out that developers shouldn't hope to be security experts, and that it is wise to enlist the help of an expert when producing applications for customers.
An enjoyable talk, with a good pace and some humour thrown in. It was delivered at a level I felt was accessible to both technical and non-technical people.
Whilst I was aware of most of the security issues covered, it is always a good idea to have a refresher on security every now and then to keep us on our toes. It was also good to have the names described since the OWASP titles are not always very descriptive.
Comments
Comments are closed.
Gary's talk was great. I know a lot of the stuff there, but with talks like this there is always going to be things you don't think about, and even the stuff you know is a great idea to get reminded about - it is too easy to forget about security sometimes.
Great delivery, and I personally think it was a good level talk to allow attendees of all experience - even I got something from it! :) Thanks Gary for taking the trip down to our user group.
The OWASP list hardly changes form year to year. Things aren't improving despite there being plenty of libraries and solutions to drastically reduce the exposure to security vulnerabilities.
In an attempt to educate developers, Gary's talk covers each of the top ten vulnerabilities, with a description of what they are, how they are exploitable and how the risk can be mitigated.
It takes years to get a solid understanding of security, so an hour presentation can only scratch the surface, but this is a great talk that everyone working in development should see.
A great talk and relevant way beyond just PHP. It was pitched nicely to be both points for those starting out to consider with their coding and a gentle reminder for experienced programmers to think about their coding and perhaps revisit the reasons they do things certain ways.
Interesting talk with good examples and humour. Great stuff. :)
--
Ben Kennish (Bennish)
I thought Gary's talk was generally easy to follow and was paced well. He was cheery and confident, making for a smooth and fun presentation. I liked the advice he gave, pointing out that developers shouldn't hope to be security experts, and that it is wise to enlist the help of an expert when producing applications for customers.
An enjoyable talk, with a good pace and some humour thrown in. It was delivered at a level I felt was accessible to both technical and non-technical people.
Whilst I was aware of most of the security issues covered, it is always a good idea to have a refresher on security every now and then to keep us on our toes. It was also good to have the names described since the OWASP titles are not always very descriptive.
Thanks for coming down to PHP Hampshire Gary!
Great talk, very informant and light hearted at the same time.