Web Security and You



Chris Russo at 11:37 on 5 Feb 2016

Good high-level insight into the main attack vectors over the web. Thanks Eli!

Great overview of the common things PHP developers have to look out for and what can be done to mitigate risk.

David Cochrum at 15:13 on 5 Feb 2016

I wish I knew this years ago ... BRB ... lots of rewriting to do ...

santiago sosa at 17:10 on 5 Feb 2016

Great overview of commonly ignored security vulnerabilities

Alex Vinot at 17:24 on 5 Feb 2016

Informative and entertaining

This was a great talk that went into the basics of OWASP and web security. But you also had great content for developers that knew web security well and gave more information about how to keep things up to date.

Thorough, nicely-paced overview of very important information!

Great overview of a variety of security risks and mitigation techniques for defending against them.

Phil Johnson at 11:05 on 8 Feb 2016

As a beginning PHP developer, I know I will appreciate this talk a great deal down the road when I don't have to go back and fix everything later.

Eli did a great job of turning a "What Not To Do" guide into a "Common Pitfalls" type of guide. There were some moments when it was "you should feel bad if you have ever done this" (not a direct quote, he was too nice for that) but those really were important facts to take home even if nothing else stuck. I was a bit torn because there were more "don't do this" than "here's the solution" but realistically, and as Eli described, most solutions aren't one-size-fits-all.

A good talk, presented well by a good speaker.

That said, my constructive criticism would be:
SQL filter injection is a bit over-played in all security talks at this point; more attention could be paid to some of the lesser-known attack vectors: using string combinations that exploit escaping and filtering, SQL select/table parameter injection, anything TLS before 1.2, etc.