Little Bobby Tables Isn't Welcome Here

Eric Mann

Wednesday 30 May 2018 from 13:30 to 17:00

Workshop in English - US at php[tek] 2018
View Slides: https://speakerdeck.com/ericmann/little-bobby-tables-isnt-welcome-here
Short URL: https://joind.in/talk/7f682 (QR-Code (opens in new window))

Avg. Rating

Making the top page of Hacker News is every developer’s dream---unless it’s because you were hacked.

The OWASP Top Ten is required reading for every modern PHP developer. It enumerates the things to _not_ do while building an application. Still, it’s easy to trip up and accidentally violate a rule you think you’ve followed.

Together, we’ll walk through a pre-built PHP application to find both where it’s blundered and how to fix its fatal mistakes.

Comments

Comments are closed.

Francisco Santana at 16:35 on 30 May 2018

Excellent presentation, will be good to add some slide for common components that are tag as insecure.

Chuck Burgess at 08:50 on 31 May 2018

Really good content... pace was a tad fast for me to keep up in the workshop, not catching "do this" slides in time. Maybe reverting back to the "do this" slide for your "walk around" parts could help.

Donald Tyler at 10:29 on 31 May 2018

The information was excellent, and Eric clearly knows his stuff. I learned a few things and was inspired to do a similar talk for my team and local community.

The only reason I didn’t give 5 Stars was because the workshop Docker environment didn’t work well. I was on a Mac and I couldn’t get anything from the server but an error response. My colleague was on Windows using Docker Toolbox and couldn’t get the volumes to mount.

Eric was clearly trying to make it easy to get setup by offering the Docker option, but we ended up being unable to do the exercises because we relied upon it. If it’s not compatible with many systems, it’d probably be better to have attendees setup their own environments beforehand.

Rachel Lougee at 08:06 on 1 Jun 2018

Very practical presentation. It gave great examples on how to attack these vulnerabilities and more importantly how to fix these.

Jonathan Kaplan at 09:18 on 1 Jun 2018

This workshop was extremely well organized for "hands-on" work! I learn by doing, and so it was great to be able to pull up code for different examples, to see the code and then try to work my way through the concepts. This was fast-paced, and really showed me how much about security I still need to learn -- but despite the fast-pace and broad overview, made this topic seem accessible.

Ryan Howe at 09:33 on 6 Jun 2018

Very relevant workshop for all levels. It is important to realize the savings we get now that we parameterize queries, use templeting engines to escape output and under no circumstances trust our users! Very good examples and code, highly recommend this workshop for all levels as a refresher or intro