As part of the Bath Digital Festival the PHP South West Meetup group brings you a special edition of the meetup in Bath, with a couple of talks about security in web applications.

Wednesday 18th October 2017

19:15
Lets Hack a Website
Talk by Craig Francis (50 minutes)

We will look at the most (intentionally) insecure website ever created, and work out how many ways we can hack it - discussing each approach, with a quick demo, along with ways to fix the problems.

If you want to run this insecure website on your own computer (it's PHP based), then feel free to checkout/download this repository: https://github.com/craigfrancis/bad-website

I'd advise you to not look in the "/public/security/answers/" folder until after the talk - only because it covers everything I'll be talking about.

20:15
Content Security Policies: Let's Break Stuff
Talk by Matt Brunt (50 minutes)

Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session you'll learn what they are, why they're needed, how they work and the limitations on what they can & cannot do to protect users. You'll see a demo of attacks a CSP will block, see a site broken by a CSP, see what the different CSP directives & options will do, and be introduced to some of the tools available to help with implementing a CSP on your sites!