Security Theatre


Comments are closed.

Jos Elstgeest at 16:11 on 29 Jan 2016

Nice talk on the whole view of security layers and how we need to pay attention to all of them.

One note, there's an error in your password update slide it should be $newPassword = password_hash($password, PASSWORD_DEFAULT); instead of password_verify($password, PASSWORD_DEFAULT) in the password_needs_rehash block

Bart Reunes at 17:05 on 29 Jan 2016

Very comprehensive talk, with some scary insights. Great, confident speaker, great tips.

Wake up call that security is more then only the little piece of software you are writing. Nice talk!

Rob ter Haar at 11:38 on 31 Jan 2016

Nice talk with some new insights. And nice examples how it can be go wrong also when you have the security ok

Nice overview, very shocking results for open source packages that are not getting their regular updates...

Did not attend the talk itself, but judging from the slides alone the whole webdev world needs a big wakeup call :)

Tom Cannaerts at 20:15 on 31 Jan 2016

Always nice to see results from actual real-world investigation.

Peter Slagter at 12:07 on 1 Feb 2016

Great job at presenting an overview of security layers, and explicitly pointing out that secure PHP code is only a tiny part of a stack that could be (in)secure as a whole.

I had some difficulty following the presentation because of 1) unreadability of slides and 2) the way you used slides.

As for point 1: the quality of the beamer and the size of the screen didn't really help. But slides with graphs would have been hard to read and interpret anyway.
Point 2: this is very personal. If i see a slide with large amounts of text, I start reading and focus on the slide, instead of the story. There were many slides that exactly showed what you told. I prefer slides that support your story (eg. what you say), instead of the other way around.

Jeroen Boersma at 12:29 on 1 Feb 2016

I found it a nice tech talk to start of with, developers do get lazy(including myself, but hey, thats my job, ahum) over time and thats where security risks derive from, also, we are not perfect.

It is nice to see that there is a lot one can find out without even knowing the source entirely, I've researched some myself by just Googling in the past. Now Thomas show some stats and gives us insights how we all can make a software a little saver.

Mike Simonson at 10:13 on 5 Feb 2016

Really scary graphics.

Scato Eggen at 10:22 on 5 Feb 2016

Entertaining talk with a fair number of good points (like including users in building security into an app).