Web Application Security: Winning When The Odds Are Against You

Comments

Anonymous at 23:55 on 29 Aug 2014

While some valid points were demonstrated, there wasn't a lot of take-away advice on practically avoiding the basic exploits.

The demos were very well-prepared, clear, and worked well in real-time. That was great.

However, while the talk was entitled "Winning" - the only thing that happened was "Losing".

From the talk description:
"This presentation aims to arm you with the mindset, tools and resources to minimise the opportunities for attack, and reduce the fallout when they succeed."

- the 'mindset' part was a success, by raising awareness of issues, but none of the rest was delivered. No tools, techniques, tests or mitigations were described. Not even any defensive programming tips, beyond "try not to let this sort of thing happen" I guess.

Anonymous at 21:48 on 30 Aug 2014

Was a good talk but I wanted more than the basic security issues.

Ben puts on a top notch presentation no doubt, and I enjoyed it, but would have been good to see this go beyond very basic security fundamentals - though I guess we all need reminders of the pitfalls of overlooking these basics.

Very well presented, most memorable talk of the conference. Could have done with more mitigation detail, but I suspect that would've been hard to fit within the allotted time.

Hackers are d*cks.