Security Theatre

Comments

Comments are closed.

Jos Elstgeest at 16:11 on 29 Jan 2016

Nice talk on the whole view of security layers and how we need to pay attention to all of them.

One note: there's an error in your password update slide. It should be $newPassword = password_hash($password, PASSWORD_DEFAULT); instead of password_verify($password, PASSWORD_DEFAULT) in the password_needs_rehash block.
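The rehash flow the comment above refers to, written out as an added example (this is not a slide from the talk and not the commenter's code). It verifies the login with password_verify(), and only when password_needs_rehash() reports that the stored hash was made with an older algorithm or cost does it create a replacement with password_hash(). The function name verifyAndRehash and the demo hash are assumptions made for this example; the persistence step is left to the caller.

```php
<?php
// Added example: verify a login and transparently upgrade the stored hash.
// verifyAndRehash() is a hypothetical helper name; wire the return value to
// your own user-storage code.
declare(strict_types=1);

/**
 * Returns null when the password does not match the stored hash.
 * Returns the stored hash unchanged when it is still up to date.
 * Returns a freshly computed hash when the stored one needs upgrading;
 * the caller must persist that new value.
 */
function verifyAndRehash(string $password, string $storedHash): ?string
{
    // Constant-time check of the password against the stored hash.
    if (!password_verify($password, $storedHash)) {
        return null;
    }

    // Password is correct. Does the hash still match the current
    // PASSWORD_DEFAULT algorithm and cost? If not, rebuild it now,
    // while the plaintext is available from the login request.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        // This is the line the slide got wrong: a new hash comes from
        // password_hash(), never from password_verify().
        return password_hash($password, PASSWORD_DEFAULT);
    }

    return $storedHash;
}

// Constructed demo input: a bcrypt hash with a deliberately low cost factor,
// so that password_needs_rehash() flags it against the default cost.
$oldHash = password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 4]);

$result = verifyAndRehash('correct horse battery staple', $oldHash);
if ($result === null) {
    echo "login failed\n";
} elseif ($result !== $oldHash) {
    echo "login ok, hash upgraded: save the new hash for this user\n";
} else {
    echo "login ok, hash still current\n";
}

// A wrong password never triggers a rehash and yields null.
var_dump(verifyAndRehash('not the password', $oldHash));
```

The upgrade can only happen at login time because that is the only moment the plaintext is legitimately in hand; the rest of the time the application holds nothing but the hash, which is the whole point of password_hash().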

Bart Reunes at 17:05 on 29 Jan 2016

Very comprehensive talk, with some scary insights. Great, confident speaker, great tips.

Wake-up call that security is more than only the little piece of software you are writing. Nice talk!

Rob ter Haar at 11:38 on 31 Jan 2016

Nice talk with some new insights. And nice examples of how it can go wrong even when you have the security ok.

Nice overview, very shocking results for open source packages that are not getting their regular updates...

Did not attend the talk itself, but judging from the slides alone the whole webdev world needs a big wakeup call :)

Tom Cannaerts at 20:15 on 31 Jan 2016

Always nice to see results from actual real-world investigation.

Peter Slagter at 12:07 on 1 Feb 2016

Great job at presenting an overview of security layers, and explicitly pointing out that secure PHP code is only a tiny part of a stack that could be (in)secure as a whole.

I had some difficulty following the presentation because of 1) unreadability of slides and 2) the way you used slides.

As for point 1: the quality of the beamer and the size of the screen didn't really help. But slides with graphs would have been hard to read and interpret anyway.
Point 2: this is very personal. If I see a slide with large amounts of text, I start reading and focus on the slide, instead of the story. There were many slides that showed exactly what you told. I prefer slides that support your story (e.g. what you say), instead of the other way around.

Jeroen Boersma at 12:29 on 1 Feb 2016

I found it a nice tech talk to start off with. Developers do get lazy (including myself, but hey, that's my job, ahum) over time, and that's where security risks derive from; also, we are not perfect.

It is nice to see that there is a lot one can find out without even knowing the source entirely; I've researched some myself by just Googling in the past. Now Thomas shows some stats and gives us insights into how we all can make software a little safer.

Mike Simonson at 10:13 on 5 Feb 2016

Really scary graphics.

Scato Eggen at 10:22 on 5 Feb 2016

Entertaining talk with a fair number of good points (like including users in building security into an app).