Imagine the day when you get an email from your CEO: "Our site has been hacked! Millions of user records have been leaked! And we're being sued!"... Unfortunately, that situation appears to be quite commonplace in the modern world. In the past year alone, LinkedIn, Sony, Zappos, Twitter, Apple, Yahoo and LastFM (and a lot more) have been compromised, leaking over 100 million user records. How has this become commonplace? Developers traditionally haven't focused on security (that's someone else's problem, right?)... Wrong! Security is everyone's job!
Come and learn more about how to identify and fix security issues! In this workshop, we'll cover the most dangerous and prevalent security vulnerabilities in PHP applications today. We'll look at how those vulnerabilities work under the hood, and how to prevent them. Then, we'll spend time reviewing actual code with actual vulnerabilities. Once we've identified a potential vulnerability, you will actually execute an attack against it! By the end of the workshop, you should be able to identify insecure code and fix it!
Who is the target audience of this workshop?
- Any developer who has performed code review before
- Any developer who wants to understand security better
How experienced do I need to be?
If you understand how to read code, you have enough experience to attend this workshop!
Which version of software / PHP will you be covering?
All code used within the workshop will be compatible with PHP 5.3+ and MySQL 5.1+.
Do I need to bring a laptop?
Yes. There will be some lecture included in the workshop, but the majority of it will be hands-on.
Do I need to install or set up any specific software prior to the day, in order to get the most out of the day?
Yes. Please have a functional version of PHP installed (5.3+), with Apache and MySQL (5.1+).
Is there anything I should read or study in advance?
A cursory understanding of the OWASP Top 10 will be very helpful.