Talk in English - US at PHP Tek 2026
Short URL: https://joind.in/talk/42095
Modern web applications remain one of the most targeted attack surfaces, and PHP applications are frequently exploited due to insecure coding practices, outdated dependencies, weak authentication mechanisms, and misconfigured servers. When a compromise occurs, organizations often struggle to identify the attack vector, contain the breach, preserve forensic evidence, and restore services without repeating the same mistakes.
This session provides a practical approach to responding to security incidents that affect PHP-based web applications. The presentation walks through the full incident response lifecycle: detection, triage, containment, eradication, recovery, and post-incident analysis.
Using realistic attack scenarios and lessons learned from actual incidents, the session demonstrates how to analyze logs, identify indicators of compromise, investigate malicious web shells, preserve evidence, coordinate communication, and implement remediation strategies. The discussion also covers secure coding practices, web application monitoring, threat detection, and preventive controls that reduce both the likelihood and the impact of future attacks.
This presentation is designed for cybersecurity professionals, incident responders, developers, application security teams, and IT leaders seeking actionable guidance for handling modern web application breaches effectively.
Comments
Tons of great information about what to do when the worst happens. Great examples and lots of information about tools and processes.
Great talk going into good incident response practices.
Some additional useful information, especially if you also saw the Zero Trust talk. And like that talk, this had useful lists and frameworks to take home and study. As someone who’s never run a fire drill or a live war room, I wish there had been a little more discussion of how those usually go or advice on how to structure them. One of the most useful pieces of information is not to shut down the server after it’s compromised. I am going to go home and create a runbook on how to capture a memory snapshot, because we need to be able to do that. Thank you!