Facebook's Approach to Common Web Vulnerabilities



Very interesting talk with a lot of practical examples of the types of problems Facebook have encountered in the past. The advice on creating APIs that were safe by default and simpler for developers to use was really useful, and went beyond the normal list of vulnerability types that makes up many security talks.

A well presented talk by a confident speaker.

Well delivered and a few interesting things; however, nothing really new or interesting on the security side.

Really interesting talk. It was nice to see the evolution of approaches taken, and some neat, and new to me ideas (e.g. checking encoding of the letter 'e').

I suppose there's not so much that's immediately actionable, as a lot of the tools used are internal to FB.

Anonymous at 20:21 on 22 Feb 2014

A fascinating peek "under the hood" at security solutions of the behemoth that is the Facebook source. Ben clearly outlined the reasoning behind various unusual techniques to combat security issues on a large scale platform as he confidently charged through the talk.

Yes, very fascinating to see you cope with vulnerabilities. There were some things I never considered before, such as the XML vulnerability.

I would like to have seen more of the same. Surely there must have been other security related things Facebook had to contend with and overcome.

But very good talk man! If you are there again next year I will definitely attend.

Good talk; not new content for me; however interesting to see how Facebook deal with the issue I face everyday.

I think it would have made more sense having this talk in the main track as it was extremely popular (and therefore hot in the room) - this made it an uncomfortable last 15 minutes for me.

I was 5 minutes late to attend this so I couldn't fit in the room. People were overcrowding around the corner and I could hardly hear the speaker...

On the plus side, 4 of my work colleagues attended, and said it was amazing. So I guess I shall watch the recording once it's uploaded :)

Thoroughly enjoyed this talk. Very clear presentation, confident speaker, pitched perfectly and full of useful nuggets of info.

Very interesting talk, presenting many concepts that go against community standards and best practices, but there is a valid reasoning behind each and every one of them which was clearly communicated. Love to see people doing things differently and thus figuring out new methodologies to achieve the goals (e.g. 'e' escaping test).