You’ve probably heard about XSS, SQL injection, and RCE. Very few developers have witnessed first-hand what exploiting any of these vulnerabilities looks like, and therefore don’t necessarily understand the consequences that having such vulnerabilities in an application can have. In this talk, we’ll exploit some commonly known vulnerabilities (OWASP Top 10) and misconfigurations that can occur in a PHP application running on a Linux-based host. By learning to think like a hacker you’ll be able to develop more secure applications with PHP, and to keep your users, clients, and yourself safe.
This presentation consists of security concept theory sections from a PHP developer's point of view and a few hands-on hacking demonstrations. At the end of the presentation, we go through a set of concrete action steps to secure our applications from the vulnerabilities we learned about earlier.

Comments


Very good talk, 15 min more would be perfect

Quentin Bihet at 10:13 on 22 Oct 2020

Very good! Nice to have a security talk :)

Very good talk! Even though the OWASP Top 10 is discussed, applied examples give a different angle to the talk and make it stand out compared to the usual baseline OWASP Top 10 talks we are already used to.

Fantastic talk! Very helpful to understand how hacking works and how to protect your project. The only thing it was missing was time, 15 minutes more would have been good.

Yann Eugoné at 13:01 on 22 Oct 2020

Very interesting, would love to listen/read more content on this topic

François D. at 16:11 on 22 Oct 2020

Very good talk.

Great talk! Learned a lot!

Very interesting, the heads-up about object injection.

Interesting, I already had training on PHP security, but I learned new things!

Interesting, nice to be aware of PHP security

Lucas Legname at 12:07 on 23 Oct 2020

Nice talk, an important topic explained with good examples!

Very interesting, with great examples. I would have listened to a longer conf :)

Maxime Huran at 08:48 on 26 Oct 2020

Very interesting! We need to know the basics of hacking to avoid it in our code