Talk in English - UK at PHP UK Conference
Track Name: Queen Charlotte
Short URL: https://joind.in/talk/7375c
Imagine you are working on a project that uses Doctrine for database abstraction; you might think you are safe from SQL injection vulnerabilities.
Even when using abstractions or parameterised queries, we can still make mistakes. This is often a problem for junior developers, but it can also happen to experienced ones once our code becomes complicated.
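As an added illustration of the point above (example code written for this page, not material from the talk or from the Doctrine project), the following shows two places where an ORM user can still end up with injectable SQL: building a DQL string by concatenation instead of binding a parameter, and interpolating a user-chosen sort column, which cannot be bound as a parameter at all and so needs an allowlist. The entity class `App\Entity\User` and its fields `email` and `name` are assumed for the example.

```php
<?php
declare(strict_types=1);

use Doctrine\ORM\EntityManagerInterface;

// VULNERABLE: the abstraction is in use, but the DQL string is assembled by
// concatenation, so $email is parsed as part of the query, not as data.
function findByEmailVulnerable(EntityManagerInterface $em, string $email): array
{
    $dql = "SELECT u FROM App\\Entity\\User u WHERE u.email = '" . $email . "'";
    return $em->createQuery($dql)->getResult();
}

// HARDENED: the same lookup with a named placeholder; Doctrine binds the value
// separately from the query text, so its content never changes the query shape.
function findByEmail(EntityManagerInterface $em, string $email): array
{
    return $em->createQuery('SELECT u FROM App\\Entity\\User u WHERE u.email = :email')
        ->setParameter('email', $email)
        ->getResult();
}

// VULNERABLE: same mistake with the QueryBuilder. Using the builder API does
// not help when the condition string itself contains the raw search term.
function searchByNameVulnerable(EntityManagerInterface $em, string $term): array
{
    $qb = $em->createQueryBuilder();
    return $qb->select('u')
        ->from('App\\Entity\\User', 'u')
        ->where("u.name LIKE '%" . $term . "%'")
        ->getQuery()
        ->getResult();
}

// HARDENED: the wildcard is applied to the bound value, not to the DQL text.
function searchByName(EntityManagerInterface $em, string $term): array
{
    $qb = $em->createQueryBuilder();
    return $qb->select('u')
        ->from('App\\Entity\\User', 'u')
        ->where('u.name LIKE :pattern')
        ->setParameter('pattern', '%' . $term . '%')
        ->getQuery()
        ->getResult();
}

// Identifiers (column names, sort direction) cannot be parameters in DQL or
// SQL, so a user-selected "sort by" value must be checked against an allowlist
// before it is placed into the query. Anything not on the list falls back to
// a safe default rather than being interpolated.
function listUsersSorted(EntityManagerInterface $em, string $sortBy, string $direction): array
{
    $allowedColumns = ['email' => 'u.email', 'name' => 'u.name'];
    $column = $allowedColumns[$sortBy] ?? 'u.email';
    $direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';

    $qb = $em->createQueryBuilder();
    return $qb->select('u')
        ->from('App\\Entity\\User', 'u')
        ->orderBy($column, $direction)
        ->getQuery()
        ->getResult();
}
```

A useful habit when reviewing Doctrine code is to grep for `createQuery(` and `->where(` calls whose argument is built with `.` or string interpolation; a parameterised query has only fixed text and `:placeholders` in the query string, with all runtime values arriving through `setParameter()`.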
Comments
Enlightening. Even if you thought you were already on top of injection, you leave this talk immediately wanting to check all your code for the specific bad design choices explained and start applying methods so it doesn't happen again.
Personally I could see myself making some of the database escaping mistakes but struggled a bit more to see the Twig examples as "real world" and would have liked a little bit more detail on how to implement the suggested static analysis.
Makes you think about your code and the problems that may be hiding in it.
As someone who is making the journey from Junior Dev / recent graduate (mature student) to experienced developer, this was a great reflection on the security mistakes that can all too easily be made when you're gaining experience or making false assumptions. I'm hopeful that it will save me some embarrassment down the line...