With more and more sites falling victim to data theft, you’ve probably read the list of things (not) to do to write secure code. But what else should you do to make sure your code and the rest of your web stack are secure? In this tutorial we’ll go through the basic and more advanced techniques of securing your web and database servers, securing your backend PHP code and your frontend JavaScript code. We’ll also look at how you can build code that detects and blocks intrusion attempts and a bunch of other tips and tricks to make sure your customer data stays secure.

Comments

Good broad overview talk, going in depth just enough, without going too deep. Thanks!

Rated 4

Mathew Hucks at 22:28 on 28 Jan 2017

Good talk. But wasn't a tutorial / workshop like I expected. Started off with a nice recap of some basic vulnerabilities based on OWASP's top 10. But I do think most of the listed vulnerabilities are handled by frameworks nowadays. Covering security topics (which sys admins have to deal with) was interesting to hear about, but not so practical for a developer.

Nice overview of security, I liked the live demos. I would hardly call it a workshop though, since there was no interactivity at all—it might have been good to let us know this in advance in the description. One big issue for me was that the content seemed a little outdated: pre-PHP5.4 array syntax in code examples, no mention of Symfony/Laravel/Zend frameworks... A more telling example: the part about password storing recommendations didn't mention salting at all (!!!), nor recent algorithms like bcrypt (instead recommending SHA512 over MD5, which is the bare minimum...). Seems like a lot of the content was good for basic knowledge but not really relevant to post-2010 applications that use frameworks and NoSQL.