Half of all exploitations take place between 10 and 100 days after a vulnerability is published in a library. Attacks come fast, and exploits are automated. In this world, updating third-party software components in a timely manner is of vital importance. Incorrect implementation of these libraries makes it difficult to update and maintain them, increasing the risk of being breached via vulnerable components. This is the current state of software, where a large number of applications have vulnerable components. Starting from real-world examples, Katy Anton will explore the software design patterns to use when including third-party components and will discuss how these patterns can reduce the attack surface and improve the overall security of the software. Developers and architects alike will benefit from case studies outlining how this approach improves security in the world.

Comments

Jeffrey at 14:46 on 30 Sep 2017

The presentation was on the short side (20-25 min). Tips for improvement: show some tooling and/or examples of the design principles how we (as developers) can improve our applications. After all, there was enough time. In addition, I was very curious about numbers: how often do these specific attacks occur?

Very informative and will help a lot.

Parviz Ahmadi at 16:20 on 30 Sep 2017

Very informative and surely helps our project.

Presented a useful framework, but could have used the full time to go into more detail and practical examples.

Anonymous at 16:49 on 30 Sep 2017

Great talk that started from the software design pattern and introduced the security design principles.

Matthew at 16:53 on 30 Sep 2017

Great talk highlighting three key security approaches often missed when using third party libraries and APIs. Something every developer should consider!

Well delivered and followed with inspiring answers to questions raised, hopefully making all attendees think about this when they go back on Monday. I know I will be.

Looking forward to future follow up talks on the subject!

Ben Longden at 17:52 on 30 Sep 2017

Useful, agree with most comments so far. More info on tooling and examples of why make use of the patterns (instead of that we should). Definitely worth hearing.

Good overview of security issues, but now I want to find some exploits...

Great content but agree with other comments that the pace could have been better.

Chris Emerson at 16:25 on 1 Oct 2017

Some great tips and techniques for managing security of 3rd party code in your projects - took away some useful tips to apply.

Mark Railton at 21:16 on 1 Oct 2017

The talk felt like something was missing; I don't feel that we were actually effectively equipped to mitigate possible security issues effectively.