He moved pretty quickly re: the specific of several basic exploits like XSS, CSRF. Had I not been at least a little bit familiar with the material, I might not have gotten it.
But awesome example of security-hole laden code. ;-)
A lot of the talk was review, but there was also some very interesting stuff that was new to me (like X-FRAME-OPTIONS for clickjacking). And thanks for taking time this morning to talk to me about securing DB connections.
Was ok, but lots of talking for a "hands-on" session, I would have preferred a let's find a security issue and let's actually use it. As mentionned in the presentation, showing an exploit in use has much more impact.
Comments
Comments are closed.
Very interesting, expert, and entertaining.
He moved pretty quickly re: the specific of several basic exploits like XSS, CSRF. Had I not been at least a little bit familiar with the material, I might not have gotten it.
But awesome example of security-hole laden code. ;-)
It was great to see so many security flaws and their sollution
A lot of the talk was review, but there was also some very interesting stuff that was new to me (like X-FRAME-OPTIONS for clickjacking). And thanks for taking time this morning to talk to me about securing DB connections.
Was ok, but lots of talking for a "hands-on" session, I would have preferred a let's find a security issue and let's actually use it. As mentionned in the presentation, showing an exploit in use has much more impact.
All good information but nothing new really. The 2nd half seemed to drag.
Great tutorial and a big eye opener.
Good talk / tutorial covering the key aspects of web security with PHP. Would definitely recommend it to others.