International PHP Conference |
May 25 – 29, 2020 in Berlin

Practical Security in Web Applications

Session
This talk originates from the archive. To the CURRENT program
Until February 6: ✓ Workshop Day for free ✓ Group discount ✓ Save up to € 700 Register now

More talks in the program:

Infos
Tuesday, June 4 2019
10:30 - 11:15

Explore effective methods to identify & avoid the most common and devastating security pitfalls in Web Applications.

When it comes to an enterprise’s exposure to security vulnerabilities, one could easily argue that its web presence is by far its greatest threat. There are many ways to build vulnerable applications and a few effective ways to "build them right". We’ll instrument you to stay on right side of this equation.

Agenda:

Basic Resources and Tooling

  • We’ll look at the OWASP Top 10
  • Open-Source Code Analysis for your CI/CD
  • Open-Source Security Scanning

Low-level Threat Avoidance

  • Avoiding SQL Injections — Dangers of not properly-using an ORM
  • Avoiding CSRF
  • Avoiding XSS
    • Data Scrubbing
    • Data Rendering

Application Threat Avoidance

  • User Authentication / Password Hashing
  • OAuth Security
  • Resource Access
    • Multi Tenancy: Users & Companies

Architectural Considerations

  • Systems Architecture
  • Credentials Handling

Stay tuned!

Behind the Tracks of IPC

PHP Core Technology
Best Practices & Application

General Web Development
General Web Development & more

Agile & Company Culture
Agility has become mainstream

Software Architecture
Concepts & Environments

Security
All about Web Security

Testing & Test Driven Development
An overview of the most important topics

DevOps & Continuous Delivery
DevOps is a philosophy

Docker, Kubernetes, Cloud
An overview of the most important topics

#slideless (pure coding)
An overview of the most important topics

PHP Frameworks
An overview of the most important topics

Content Management Systems
An overview of the most important topics