Application Security Nuts to Bolts

Comments

Comments are closed.

Ed Barnard at 15:32 on 30 Sep 2016

Excellent talk from an obviously knowledgeable speaker. Was able to answer questions clearly and coherently. Glad I attended. Thank you!

Bob Lindner at 16:34 on 30 Sep 2016

This session alone was worth the price of admission to the whole conference! Ilia really knows his stuff. I left with several ideas of how I can improve my projects and a pile of things to read up on. Thank you!

Tim Lindner at 16:38 on 30 Sep 2016

Great talk - very relatable and informative to anyone building websites or web applications. Ilia is definitely a subject matter expert!

Wow! A lot of great information. Will be processing this for quite a while.

Great talk about PHP security that was both informative and entertaining. I was glad to hear some specific examples of how sites are hacked and hear about new security features in PHP 7.

Good talk and very dense. Again, an addition of demos would be really useful

Jasper Kooij at 09:29 on 1 Oct 2016

Eye opening with deeper insights on how to better code!

Jim Dreger at 09:59 on 1 Oct 2016

Great presentation with very knowledgeable speaker

This talk was exceptional. It provided me with multiple security touch points & can propose as improvements to our customer base.

Tom Nesler at 16:15 on 1 Oct 2016

Good discussion during presentation. I felt that the level of complexity was just right.

Alex Fraundorf at 14:01 on 2 Oct 2016

Ilia did a great job explaining a very broad subject of web security. Not only was it in-depth yet easy to understand (a very difficult balance to achieve), but it was honestly entertaining.
I left with a ton of great notes and more prepared to protect my clients.
My only disappointment was that I didn't get to see Ilia hack a site! ;-)

Ilia did a fantastic job illustrating the many possible attack vectors for PHP applications. He emphasized the balance between usability and security as well as the importance of validating / escaping out input and output. I really held on to the fact that no input can be trusted, even when it is coming from a legitimate source - there are simply too many ways to spoof and reflect bad information into a database. The time really flew by and Ilia was very energetic and engaging. In the future I would suggest adding audience participation, perhaps by searching a piece of sample code manually or with one of the suggested tools.