Very useful and practical introduction to common security risks, and how to prevent them. For those that wren't able to get vagrant up and running, or those that weren't able to figure out how to breach the security in your app it would have been useful to show us an example on the app on your screen. The resources you linked to for further information were great as well! Thanks!
Overall the tutorial covered some very important points about security, but it was lacking some detail in showing how to pull off some attacks. My biggest complaint though is due to the code base needed to run the demonstration. For basic SQL attacks and JS injection the code base was over kill, the time spent getting everyone setup could have been much easier if the install didn't require downloading multiple packages in composer. Granted the Vagrant image is awesome to have, I felt the code base was just too heavy with dependencies to quickly get people up and going.
Delivery/Interaction: Good pacing, good solicitation of questions
Relevance: Good topic, a little more basic than I was hoping for, but that may be more of a problem with my expectation than the level of the talk.
Expertise: Chris clearly spends some time in this area and it comes through well in the talk.
Awesomes: It seemed like a really well prepared talk (which is extra impressive, since I know it was a fill-in for Wim). Having actual code to poke at was really nice.
Do-betters: I thought the time management could have been a little better. It felt like a lot of time at the beginning was spent getting people up and running - maybe have a minion to help people while you carry on?
Comments
Comments are closed.
Great talk and great examples. Really appreciated having the files up front and they were a vagrant instance to make it easy.
Very useful and practical introduction to common security risks, and how to prevent them. For those that wren't able to get vagrant up and running, or those that weren't able to figure out how to breach the security in your app it would have been useful to show us an example on the app on your screen. The resources you linked to for further information were great as well! Thanks!
Overall the tutorial covered some very important points about security, but it was lacking some detail in showing how to pull off some attacks. My biggest complaint though is due to the code base needed to run the demonstration. For basic SQL attacks and JS injection the code base was over kill, the time spent getting everyone setup could have been much easier if the install didn't require downloading multiple packages in composer. Granted the Vagrant image is awesome to have, I felt the code base was just too heavy with dependencies to quickly get people up and going.
A good tutorial. Having the application as an example was very helpful, and having it as a vagrant box made it quick to get started.
Delivery/Interaction: Good pacing, good solicitation of questions
Relevance: Good topic, a little more basic than I was hoping for, but that may be more of a problem with my expectation than the level of the talk.
Expertise: Chris clearly spends some time in this area and it comes through well in the talk.
Awesomes: It seemed like a really well prepared talk (which is extra impressive, since I know it was a fill-in for Wim). Having actual code to poke at was really nice.
Do-betters: I thought the time management could have been a little better. It felt like a lot of time at the beginning was spent getting people up and running - maybe have a minion to help people while you carry on?