Talk in English - UK at PHP North West 2011
View Slides: http://www.slideshare.net/paullemon/phpnw-security20111009
Short URL: https://joind.in/talk/c576c
(QR-Code (opens in new window))
Feeling secure? - notes from the field
Comments are closed.
Fantastic talk, brilliant speaker, really useful points and well researched security issues discussed.
Great talk, Paul covered those things we already know in order to reinforce their importance and to make sure that every aspect of those vulnerabilities was understood - necessary to avoid complacency.
Comprehensive coverage of different flavours of common vulnerabilities with deliberately short code examples.
One of those talks where you walk away with new things to try, but also a few jobs to do. Would like to see the extended version of this covering XSRF and more.
I liked the talk although I was a little disappointed that it was the usual suspects that were covered. Having said that I understand why they were. The topics were well covered and it's good to be reminded of the security aspects. Thanks.
Good talk and well delivered, though frustrating that there wasn't nearly enough time to give the topics enough depth; this was no fault of Paul's and I'd like to see him talk again on this topic in a longer time slot.
Covered topics that I was familiar with but was well delivered and did pick up a couple of useful nuggets (such as the php.ini stuff)
I found this to be a particularly good talk, and a good speaker. would have been great to have had more time to cover some of the other topics.
Good talk and intro to some of the most common issues. Would be good to see same level of coverage for other issues in future.
Well delivered recapitulation of the most important security rules. Again, the whole day could be easily spent on going into more details but I liked that Paul just picked the ones he believed were the most important and only focused on them which prevented turning the talk into a fast forward slideshow.
Even though I knew most of the stuff it's good to get them hammered in every once in a while because it's just so important, and as Paul correctly said we tend to get a bit complacent over time when it comes to security.
Paul is a very good speaker; very confident, relaxed and really knows his stuff. I liked this presentation a lot!
A nice short introduction into php/web security with a lot of good and valid points getting in some of the promised 'from the field' experience but not as much as I had hoped to.
It was a very nice unconf talk and I'd like to the 45/60 minute version at unconf EU or some other conference!
One of the best talks of the conference - I wish Paul had had a full hour, no, 2 hours to go through his material. Really fascinating subject, excellently presented and with clear code examples to boot.
A note to the conference organisers - this really should have been moved to the Saturday - people need to know this stuff.
A very good talk from a quality speaker. This talk really should have been given more time but credit to Paul for managing to squeeze so much into the short timeslot :) I thought the examples he gave were some of the clearest I've seen on a number of well-known but often less-well understood attack vectors and he had some interesting points (such as [removed] protocol urls) that are often forgotten about.
A subject more deserving of a week's training than a half hour talk, but Paul presented the main topics clearly, discussed them well and kept things focussed and to the point throughout. I even learnt something new in respect of the injection attacks into the href attribute, and the only negative point to make is that I now have to start combing my code base to see if there are any vectors for that particular issue!
Very interesting talk and good for a reference point, just a shame it wasn't longer!
Great talk. Engaging and didn't slow in pace.
It did cover the basics instead of more complex security problems, but then with those being the top reported security holes it made sense (this was explained in the talk).
I think this talk would be much better suited for an hour slot instead of 30 mins. That way the basics can be covered in the first half, with the remaining spent on more complex security holes like CSRF.
Excellent presentation. As others have said, there's nothing really new in the talk, but it's great to be reminded of what we should look out for.
Session could easily have been twice as long and just as entertaining and interesting.