@ewbarnard
Created February 10, 2016 23:17
Learn from the Enemy: Securing Your Web Services
“You will be about to lose, Ender, but you will win. You will learn to defeat the enemy. He will teach you how.” We got hacked.
It happens. We found that our web _site_ protections are helpless in defending a web _service_ attack. HTTPS does not protect
passwords. I show you what security techniques are not good enough _and why_. Our PHP web services architecture is tough and mean
and prickly. The attackers do not like it. I show you what we did. Here are the tools and mind-set you need to send the enemy
looking elsewhere for an easier target.
@elazar

elazar commented Feb 10, 2016

Replace "I show you" with "I'll show you."

I'd probably take out the starting quote.

"HTTPS does not protect passwords." This doesn't sound right. Is there a more precise way to word it?

"Our PHP web services architecture is tough and mean and prickly. The attackers do not like it." This seems superfluous. I'd remove it.

I understand the high-level topic of the talk, but I think it needs more specifics about what a prospective audience member can expect to learn.

@lornajane

Is this talk about how awesome you are? If it's about how awesome I could be when I come to see your talk and learn what to do when my server gets hacked, then I think the wording needs to change. I have no idea what the opening quote is about and I don't think it makes your talk more compelling. I think this is a great idea but try a format that clearly states the problem (we're probably all going to get hacked one day), offers solutions (make your web services architecture super defensive), indicates who should attend (anyone responsible for a server) and what they will be able to do when they leave the room (save the world).

Hope that helps, good luck :)
