
90K Reasons Security is a Must - PHPWorld 2014


We have all focussed on best practices and code quality over the past years, but we seem to have forgotten the most important aspect of the web: security. This talk gives a good overview of your first line of defence in your code, how to ensure that new exploits and hacking techniques are covered with tests, and how to build solid web applications that are secure enough to keep script kiddies and wannabe hackers away. I will also give some tips on what to do when your company becomes a victim of cyber crime.

Published in: Internet, Engineering

  1. 90K reasons why security is a must (in2it Professional PHP Services) https://www.flickr.com/photos/buschap/3112239016
  2. About a year ago
  3. A year later
  4. Today, 2 months later
  5. https://www.flickr.com/photos/andymag/9349743409
  6. Neverending awareness https://www.flickr.com/photos/yonolatengo/8338597558
  7. Why bother? https://www.flickr.com/photos/emagic/56206868
  8. In the news… https://www.flickr.com/photos/39908901@N06/6923408938
  9. Yes, you’re a target! https://www.flickr.com/photos/jeepersmedia/14546059371
  10. Email addresses are valuable! https://www.flickr.com/photos/horiavarlan/4514164700
  11. One password, many sites! abc123
  12. Advice on tools!!! Password managers!
  13. 2-factor authentication http://www.google.com/landing/2step/
  14. Or just use SMS http://twillio.com
  15. Who’s after my data? https://www.flickr.com/photos/teegardin/6093810333
  16. Script kiddies
  17. Amateur hacker https://www.flickr.com/photos/hackny/6203305706
  18. Professional hacker https://www.flickr.com/photos/equinoxefr/6857174987
  19. Business Competition https://www.flickr.com/photos/haggismac/5090028513
  20. Governments https://www.flickr.com/photos/defenceimages/7985695591
  21. What to do against it? https://www.flickr.com/photos/drachmann/327122302
  22. Cultural differences https://www.flickr.com/photos/robdeman/2390666040
  23. Legal regulations https://www.flickr.com/photos/puisney/1674586821
  24. Architectural considerations https://www.flickr.com/photos/niftyniall/12768922813
  25. Restrict physical access https://www.flickr.com/photos/zapthedingbat/487133720
  26. Secure your network https://www.flickr.com/photos/99279135@N05/14618342277
  27. Extra care for privacy data https://www.flickr.com/photos/hyku/368912557
  28. Use encryption https://www.flickr.com/photos/ideonexus/5175383269
  29. Lock down your application https://www.flickr.com/photos/simon_cocks/4534589059
  30. Create security checkpoints https://www.flickr.com/photos/paulk/2212992458
  31. Track movements https://www.flickr.com/photos/timsamoff/362730755
  32. Code considerations https://www.flickr.com/photos/nyuhuhuu/4443886636
  33. Security is not an afterthought! https://www.flickr.com/photos/webb-zahn/10971215425
  34. Little bobby tables xkcd.com/327
  35. Sanitise data, always

      <?php
      // $pdo is assumed to be an existing PDO connection
      $id = $_GET['id'] ?? '';

      // sanitise tainted data
      $clean_id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
      $clean_id = filter_var($clean_id, FILTER_VALIDATE_INT);

      if (0 < $clean_id) {
          // `table` is a placeholder table name
          $stmt = $pdo->prepare(
              'SELECT * FROM `table` WHERE `id` = ?'
          );
          $stmt->bindParam(1, $clean_id, PDO::PARAM_INT);
          $stmt->execute();
      }

  36. (no transcribed text)
  37. Use the right tool for the job https://www.flickr.com/photos/florianric/7263382550
  38. (no transcribed text)
  39. (no transcribed text)
  40. Layered security https://www.flickr.com/photos/feesta/2700575201
  41. You know all this, right! https://www.flickr.com/photos/sarahreido/3120877348
  42. Victim of an attack? https://www.flickr.com/photos/marittoledo/8512244945
  43. Know you’ve been hacked!
  44. Inform everyone ASAP! https://www.flickr.com/photos/bluerobot/5490728061
  45. Get security advice!
  46. Inform the world
  47. Your turn https://www.flickr.com/photos/tmab2003/4277896845
  48. Spread the word https://www.flickr.com/photos/suneko/373310729
  49. Comment on “bad” practices https://www.flickr.com/photos/sebastian_bergmann/3991539605
  50. Learn about the risks
  51. Learn the basics of hacking hack.me
  52. Use hack cheat sheets ha.ckers.org
  53. Continuously unit test!
  54. Other resources…
  55. PHP Security Checker https://github.com/psecio/parse
  56. Essential PHP Security
  57. Security Checklist snipe.ly/risk_matrix
  58. May the force be with you
  59. Questions https://www.flickr.com/photos/colinkinner/2200500024
  60. joind.in/11858 If you like it, thanks. If you don’t, please tell me how to improve
  61. Contact us: Consulting - Training - Audits - Graphics www.in2it.be - info@in2it.be
  62. https://www.flickr.com/photos/psd/2086641
