
200K+ reasons security is a must

We have all focused on best practices and code quality over the past years, but we seem to have forgotten the most important aspect of the web: security. This talk gives a good overview of the first line of defence in your code, how to ensure that new exploits and hacking techniques are covered with tests, and how to build solid web applications that are secured well enough to keep script kiddies and wannabe hackers away. I will also give some tips on what to do when your company becomes the victim of cyber crime.

Published in: Engineering


  1. 200K+ reasons Why security is a must in2it PROFESSIONAL PHP SERVICES
  2. About 2 years ago
  3. 99K problems
  4. A year later
  5. Today!
  6. Today!
  7. ps://www.flickr.com/photos/andymag/93497434
  8. Neverending awareness https://www.flickr.com/photos/yonolatengo/8338597558
  9. Why bother? https://www.flickr.com/photos/emagic/56206868
  10. In the news… https://www.flickr.com/photos/39908901@N06/6923408938
  11. In the news… https://www.flickr.com/photos/39908901@N06/6923408938
  12. Yes, you’re a target! https://www.flickr.com/photos/jeepersmedia/14546059371
  13. Email addresses are valuable! https://www.flickr.com/photos/horiavarlan/4514164700
  14. One password, many sites!
  15. One password, many sites!
  16. One password, many sites!
  17. One password, many sites!
  18. One password, many sites!
  19. One password, many sites! abc123
  20. Advice on tools!!! Password managers!
  21. Advice on tools!!! Password managers!
  22. Advice on tools!!! Password managers!
  23. Advice on tools!!! Password managers!
  24. 2-factor authentication http://www.google.com/landing/2step/
  25. Or just use SMS http://twillio.com
  26. Who’s after my data? https://www.flickr.com/photos/teegardin/6093810333
  27. Script kiddies
  28. Amateur hacker https://www.flickr.com/photos/hackny/6203305706
  29. Business Competition https://www.flickr.com/photos/haggismac/5090028513
  30. Professional hacker https://www.flickr.com/photos/equinoxefr/6857174987
  31. Governments //www.flickr.com/photos/defenceimages/79856
  32. What to do against it? https://www.flickr.com/photos/drachmann/327122302
  33. Cultural differences https://www.flickr.com/photos/robdeman/2390666040
  34. Legal regulations https://www.flickr.com/photos/puisney/1674586821
  35. Architectural considerations https://www.flickr.com/photos/niftyniall/12768922813
  36. Restrict physical access https://www.flickr.com/photos/zapthedingbat/487133720
  37. Secure your network https://www.flickr.com/photos/99279135@N05/14618342277
  38. Extra care for privacy data https://www.flickr.com/photos/hyku/368912557
  39. Use encryption https://www.flickr.com/photos/ideonexus/5175383269
  40. Application Lock Down https://www.flickr.com/photos/simon_cocks/4534589059
  41. Security Checkpoints https://www.flickr.com/photos/paulk/2212992458
  42. Track movements https://www.flickr.com/photos/timsamoff/362730755
  43. Code considerations https://www.flickr.com/photos/nyuhuhuu/4443886636
  44. Security is not an afterthought! https://www.flickr.com/photos/webb-zahn/10971215425
  45. Little bobby tables xkcd.com/327
  46. Sanitise data! Always!!!

```php
<?php
// $pdo is an existing PDO connection; the slide does not show how it is created
$id = $_GET['id'] ?? '';

// sanitise tainted data: strip everything that cannot be part of an integer,
// then validate that what is left really is an integer (false if it is not).
// Caveat: sanitising first means "12abc" silently becomes 12; rejecting the
// request with FILTER_VALIDATE_INT alone is the stricter policy.
$clean_id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
$clean_id = filter_var($clean_id, FILTER_VALIDATE_INT);

if (false !== $clean_id && 0 < $clean_id) {
    // the prepared statement keeps the value out of the SQL text entirely
    $stmt = $pdo->prepare('SELECT * FROM `table` WHERE `id` = ?');
    $stmt->bindParam(1, $clean_id, PDO::PARAM_INT);
    $stmt->execute();
}
```
  47. Use the right tool for the job https://www.flickr.com/photos/florianric/7263382550
  48. Layered security https://www.flickr.com/photos/feesta/2700575201
  49. You know all this, right? https://www.flickr.com/photos/sarahreido/3120877348
  50. Victim of an attack? https://www.flickr.com/photos/marittoledo/8512244945
  51. Know you’ve been hacked!
  52. Inform everyone ASAP! https://www.flickr.com/photos/bluerobot/5490728061
  53. Get security advice!
  54. Inform the world
  55. Your turn https://www.flickr.com/photos/tmab2003/4277896845
  56. Spread the word https://www.flickr.com/photos/suneko/373310729
  57. Comment on “bad” practices https://www.flickr.com/photos/sebastian_bergmann/3991539605
  58. Learn about the risks
  59. Learn the basics of hacking hack.me
  60. Use hack cheat sheets ha.ckers.org
  61. Continuously unit test!
  62. Other resources…
  63. PHP Security Checker https://github.com/psecio/parse
  64. Essential PHP Security
  65. Security Checklist snipe.ly/risk_matrix
  66. https://www.flickr.com/photos/colinkinner/2200500024
  67. May the force be with you
  68. Contact us: in2it PROFESSIONAL PHP SERVICES - Michelangelo van Dam - michelangelo@in2it.be - www.in2it.be - PHP Consulting - Training - QA
  69. phpcon.eu Ticket sales start soon!
  70. Thank you Have a great conference http://www.flickr.com/photos/drewm/3191872515
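Added example for slides 45 and 46 (Little Bobby Tables, sanitise data) and slide 61 (continuously unit test). This is not code from the talk or from in2it: it assumes the pdo_sqlite extension, a constructed `students` table with two rows, and the hypothetical function names used below. It shows the string-concatenated lookup being bent by a tautology payload into returning every row, the same lookup done with a bound parameter, and a regression check that runs a list of known injection payloads against the safe lookup, so that a newly learned technique is added to the list and becomes a failing test rather than a surprise in production.

```php
<?php
declare(strict_types=1);

// Constructed sample schema and data (not from the slides).
function bootstrapDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO students (name) VALUES ('Alice'), ('Bob')");
    return $pdo;
}

// VULNERABLE (deliberately, as the "before"): tainted input becomes part of the SQL text.
function findStudentVulnerable(PDO $pdo, string $name): array
{
    $sql  = "SELECT name FROM students WHERE name = '" . $name . "'";
    $rows = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    sort($rows);
    return $rows;
}

// HARDENED: the input travels as a bound parameter and is only ever compared as data.
function findStudentSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM students WHERE name = ? ORDER BY name');
    $stmt->bindValue(1, $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Regression test: every known payload must come back empty from the safe lookup.
// Append to the list whenever a new technique shows up; a failing entry is a bug in
// the lookup, never a reason to delete the payload. Returns the payloads that leaked.
function injectionRegressionTest(PDO $pdo): array
{
    $payloads = [
        "' OR '1'='1",
        "' OR 1=1 --",
        "Alice' UNION SELECT name FROM students --",
        "Robert'); DROP TABLE students;--",   // the xkcd payload; whether stacked queries
                                              // run at all depends on the driver, the test
                                              // only demands that nothing comes back
    ];
    $leaks = [];
    foreach ($payloads as $payload) {
        if (findStudentSafe($pdo, $payload) !== []) {
            $leaks[] = $payload;
        }
    }
    return $leaks;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException('FAILED: ' . $what);
    }
    echo "ok: $what\n";
}

$pdo     = bootstrapDb();
$payload = "' OR '1'='1";

// The tautology turns WHERE name = '' OR '1'='1' into "every row".
check(findStudentVulnerable($pdo, $payload) === ['Alice', 'Bob'], 'vulnerable lookup leaks all rows');
// The prepared statement searches for a student literally named "' OR '1'='1".
check(findStudentSafe($pdo, $payload) === [], 'safe lookup returns nothing for the payload');
check(findStudentSafe($pdo, 'Alice') === ['Alice'], 'safe lookup still finds a real student');
check(injectionRegressionTest($pdo) === [], 'no payload in the regression list leaks rows');
```

Run it with `php example.php`. The payload list is the part worth keeping in your own test suite: the check itself never needs to know how an injection works, only that the safe lookup treats every entry as an ordinary, non-existent name.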
