Comments are closed.

This was a well delivered, well paced tutorial that has pointed me in the right direction to hunt down and research the areas discussed in more detail.

I have been developing using a LAMP stack commercially for two years having moved to PHP from a background of developing desktop applications with Microsoft .NET (C#).

I attended this talk in the hope that it would 'fill in the gaps' from what I have learnt 'on-the-fly' over 2 years of experience with PHP, via books, blog posts and working in a development team.

Whilst this tutorial confirmed that I am aware of most of the key security considerations for a LAMP developer, Arne covered certain areas in far more detail than I was aware of, especially regarding Cross Site Request Forgery and session hi-jacking.

It was great to see code examples, of which most were short, concise and to-the-point and helped to fast track the time it took for a concept to 'click'.

Arne kicked off with an ice breaker, encouraging delegates to briefly introduce themselves and their background. From there on in, Arne kept the tutorial interesting by making the session interactive by getting delegates to engage in 'What's wrong with this code' style questions, which made for some really interesting and fun debates.

I certainly felt I came away from this talk having a more in-depth understanding of security concepts I knew of, but didn't know much about.

Thanks for the tutorial, well presented.

Good overview of security threats and examples of how to prevent them. Well delivered presentation but hardly a tutorial. I was more expecting a session during which we could have some opportunities of coding/hacking which would definitely make it more interesting. Saying that I have learned a few things which I will definitely have a deeper look in the future.

In short:

- informative
- great idea to get everybody to introduce themselves
- code samples
- great overview of some of the security threats

- more of a presentation then tutorial
- lack of proper interaction with code
- presentation was getting dry from time to time

I have to agree with Sebastian it's been more a kind of deep and very well presented talk rather than a tutorial from you would expect more hands on the code and more interaction for the attendees.

One remarkable thing which I liked and usually don't happen is that Arne discussed not only implication about software security but also hardware security, physical access to the datacenter and such. It doesn't matter how secure is your software if everyone can access the server room without proper supervision or any other kind of restriction.

Overall I've been anyway satisfied.