PHPSW @ Bath Digital Festival: Security in Web Applications
18 Oct 2017 at Revolution Bath

We will look at the most (intentionally) insecure website ever created, and work out how many ways we can hack it - discussing each approach, with a quick demo, along with ways to fix the problems. -------------------------------------------------- If you want to run this insecure website on your own computer (it's PHP based), then feel free to checkout/download this repository: https://github.com/craigfrancis/bad-website I'd advise you to not look in the "/public/security/answers/" folder until after the talk - only because it covers everything I'll be talking about. --------------------------------------------------

Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session you'll learn what they are, why they're needed, how they work and the limitations on what they can & cannot do to protect users. You'll see a demo of attacks a CSP will block, you'll see a site broken by a CSP, show what the different CSP directives & options will do and be introduced to some of the tools available to help with implementing a CSP on your sites!