Arne did an excellent job of showing off many common and easy vectors of attacking a web application. He discussed SQL injection, XSS, as well as things like port scanning with nmap. It would have been good to know that it was a beginner level talk but good information was provided and it seems to open a lot of eyes in the packed out room.
Really useful, showed a bunch us a bunch of different attacks commonly used against sites/servers including a bunch I hadn't thought of. Covered a broad topic very concisely. Could have done with more notes that we could grab a copy of but that's just my personal preference and laziness
Very entertaining, much like his talks last year @ ZendCon. Makes a lot of valid points, I found myself checking my own sites/servers for vulnerabilities as he named them off.
It was great for what it was, but it wasn't what I was hoping for. I've attended a lot of talks and even classes on Security and PHP and every single one boils down to the same basic info. Escape output and sanitize input. I guess I was hoping for more advanced topics out of a half-day tutorial. To be fair to Arne, the second half of the session may have progressed to more advanced topics, but having already sat through a number of similar sessions, I found myself bored and did not sit through the entire tutorial.
Again, this is not Arne's fault at all. He did a great job at presenting the material, and I found myself chuckling many times.
Comments
Comments are closed.
Arne did an excellent job of showing off many common and easy vectors of attacking a web application. He discussed SQL injection, XSS, as well as things like port scanning with nmap. It would have been good to know that it was a beginner level talk but good information was provided and it seems to open a lot of eyes in the packed out room.
Really useful, showed a bunch us a bunch of different attacks commonly used against sites/servers including a bunch I hadn't thought of. Covered a broad topic very concisely. Could have done with more notes that we could grab a copy of but that's just my personal preference and laziness
Very entertaining, much like his talks last year @ ZendCon. Makes a lot of valid points, I found myself checking my own sites/servers for vulnerabilities as he named them off.
It was great for what it was, but it wasn't what I was hoping for. I've attended a lot of talks and even classes on Security and PHP and every single one boils down to the same basic info. Escape output and sanitize input. I guess I was hoping for more advanced topics out of a half-day tutorial. To be fair to Arne, the second half of the session may have progressed to more advanced topics, but having already sat through a number of similar sessions, I found myself bored and did not sit through the entire tutorial.
Again, this is not Arne's fault at all. He did a great job at presenting the material, and I found myself chuckling many times.