It’s common to hear people preach "plan in security from the start" and in an ideal world, you can. Here in the real world, though, we have legacy code that’s gathered over time and comes with a host of problems – (in)security included. What do you do when you’ve been commissioned with securing an application that’s showing its age? Follow along with me as I step you through a list of tips and tricks you can use to discover security issues in your application and effectively fix them and secure your application.

Topics will include some of the most common vulnerability types, key places to look for potential issues and arm you with the tools and knowledge you’ll need to refactor that legacy application into something secure.


Comments are closed.

Chris Gearhart at 16:53 on 8 Feb 2019

Great talk, very knowledgeable, you covered things that I will take back to my team that they can use even on new applications they are building.

This talk felt aimed at legacy code that didn't have a lot of security in place. Everything the speaker said was good advice. Maybe next time there could be some in-depth examples of how to find and fix potential exploits. Walking through the process of identifying a csrf vulnerability and the process of implementing a patch would be helpful. Trouble is, you need an example of legacy code, and that will look different for everyone.

Very much enjoyed the talk.

Great insights and tools to go home and practice.

Miro Svrtan at 09:49 on 11 Feb 2019

It seems everyone has a different definition of legacy: for me it's a 5y old Symfony2 or similar beast, for Chris it's code from when dinasours roamed the earth (circa 2005).

Speaker brought up really interesting things (which was a nice referesher for me as I was blessed not to have to handle those types of issues for like a decade).

For 5*: I would suggest showing more code examples and how to solve them instead of just going thru the theory: I feel that people who have to handle those kinds of issues in these days would get much more value.