PHPSW: Security, April 2017
12 Apr 2017 at BaseKit

4

Protecting your users' data with just a username and password is no longer satisfactory. Two-factor authentication (2FA) is the primary method of countering the effects of stolen passwords and is easy to implement in your web application. In this session we will discuss what two-factor authentication is, how it works and the challenges associated with it. We will then look how to integrate two-factor authentication into your PHP application's login workflow. We'll consider both YubiKey and Google Authenticator implementations, so you can make your users' accounts more secure.

Cyber attacks are a real and growing threat to businesses and an increasing number of attacks take place at application layer. The best defence is to develop applications where security controls are incorporated as part of the software development cycle and used by developers while writing their code. OWASP Top 10 Proactive Controls considers security as part of development. This talk will present the proactive security controls that can be incorporated in development cycle and used while writing the software. By the end of this presentation you will have a better understanding of the recommended security controls that you can incorporate into your software projects. For each control, you will learn which OWASP Top 10 Risks can prevent.