Very interesting talk about security, seen from a different angle. Jakub demonstrates how easy it is to hack your own website, using the right tools. He clearly explains how a tiny mistake or silly thing you forget when developing an application can be exploited.
You think you don't make mistakes? Well, think again.
Like Richard already said: it also got me pretty worried by the end of the day.
Jakub has a deep understanding of the subject and the tools he demonstrates and has a natural style of speaking. It's hard to believe you have not done this more often!
If I'm being critical: to make this into a real conference talk maybe the explanation of the types of attack and exactly how they can be exploited could be demonstrated? (the simple js alert, with clicking the image link, maybe?) I think it might have more impact if you actually see it happen as it's not common knowledge to everyone.
With the demo of the cli tools; once you run them, we see all sorts of messages flying over the screen and it gets a bit hard to follow exactly what attack is going on and what the results are. Maybe you could record this as a screencast or similar so you can stop it at times to explain a bit more in detail what is actually happening.
It is an absolutely underexposed subject and I think this talk should be heard more!