SlideShare a Scribd company logo
1 of 60
Download to read offline
AVOIDING THE OWASP
Top 10 security exploits
Saturday, 5 October, 13
ME
Illustrator turned developer
PHP developer for 8 years
Architect/Developer at FreshBooks
Lead developer of CakePHP
Saturday, 5 October, 13
SECURITY
Saturday, 5 October, 13
SECURITY CONTINUUM
( )unusable unrestricted
Saturday, 5 October, 13
OWASP
Open Web Application Security Project
Saturday, 5 October, 13
OWASP TOP 10
Saturday, 5 October, 13
INJECTION
‘ OR 1=1 ‘--
1Saturday, 5 October, 13
RISKS
Command - Permits arbitrary shell commands.
SQL - Permits query manipulation, and arbitrary SQL.
Bad guys can run arbitrary code/queries.
Saturday, 5 October, 13
$username = $_POST[‘username’];
$password = $_POST[‘password’];
$query = “SELECT * FROM user
WHERE username = ‘$username’
AND password = ‘$password’”;
$user = $db->query($query);
SQL INJECTION EXAMPLE
Saturday, 5 October, 13
$username = “root”;
$password = “‘ OR 1 = 1 --”;
USER INPUT
Saturday, 5 October, 13
FINAL QUERY
$query = “SELECT * FROM user
WHERE username = ‘root’
AND password = ‘‘ OR 1 = 1 --”;
Saturday, 5 October, 13
FINAL QUERY
$query = “SELECT * FROM user
WHERE username = ‘root’
AND password = ‘‘ OR 1 = 1 --”;
Saturday, 5 October, 13
PREVENTION
Use an ORM or Database abstraction layer that
provides escaping. Doctrine, ZendTable, and
CakePHP all do this.
Use PDO and prepared statements.
Never interpolate user data into a query.
Never use regular expressions, magic quotes, or
addslashes()
Saturday, 5 October, 13
EXAMPLE (PDO)
$query = “SELECT * FROM user
WHERE username = ?
AND password = ?”;
$stmt = $db->prepare($query);
$stmt->bindValue($username);
$stmt->bindValue($password);
$result = $db->execute();
Saturday, 5 October, 13
COMMAND INJECTION
$file = $_POST[‘file’];
$res = file_get_contents($file);
echo $res;
Saturday, 5 October, 13
$f = “../../../../../../etc/passwd”;
USER INPUT
Saturday, 5 October, 13
PREVENTION
Escape and validate input.
Check for ..
Check for ;
Ensure the realpath resolves to a file that is allowed.
Saturday, 5 October, 13
2BROKEN AUTHENTICATION
& SESSION MANAGEMENT
/index.php?PHPSESSID=pwned
Saturday, 5 October, 13
RISKS
Identity theft.
Firesheep was an excellent example.
Saturday, 5 October, 13
SESSION FIXATION EXAMPLE
<?php
session_start();
if (isset($_GET[‘sessionid’]) {
session_id($_GET[‘sessionid’]);
}
Saturday, 5 October, 13
SESSION FIXATION EXAMPLE
<?php
session_start();
if (isset($_GET[‘sessionid’]) {
session_id($_GET[‘sessionid’]);
}
Saturday, 5 October, 13
PREVENTION
Rotate session identifiers upon login/logout
Set the HttpOnly flag on session cookies.
Use well tested / mature libraries for authentication.
SSL is always a good idea.
Saturday, 5 October, 13
3XSS
<script>alert(‘cross site scripting’);</script>
Saturday, 5 October, 13
RISKS
Allows bad guys to do things as the person viewing a
page.
Steal identities, passwords, credit cards, hijack pages
and more.
Saturday, 5 October, 13
XSS EXAMPLE
<p>
<?php echo $user[‘bio’]; ?>
</p>
Saturday, 5 October, 13
XSS EXAMPLE
<p>
<?php echo $user[‘bio’]; ?>
</p>
Saturday, 5 October, 13
I know, I can use regular expressions!
Saturday, 5 October, 13
NO
Saturday, 5 October, 13
PREVENTION
Regular expressions and strip_tags leave you
vulnerable.
The only robust solution is output encoding.
Saturday, 5 October, 13
EXAMPLE
<p>
<?php echo htmlentities(
$user[‘bio’],
ENT_QUOTES,
‘UTF-8’
); ?>
</p>
Saturday, 5 October, 13
DANGERS
Manually encoding is error prone, and you will make
a mistake.
Using a template library like Twig that provides auto-
escaping reduces the chances of screwing up.
Encoding is dependent on context.
Saturday, 5 October, 13
4INSECURE DIRECT OBJECT
REFERENCE
Saturday, 5 October, 13
RISKS
Bad guys can access information they shouldn’t
Bad guys can modify data they shouldn’t.
Saturday, 5 October, 13
BROKEN PASSWORD UPDATE
<form action=”/user/update” method=”post”>
<input type=”hidden” name=”userid” value=”4654” />
<input type=”text” name=”new_password” />
<button type=”submit”>Save</button>
</form>
Saturday, 5 October, 13
PREVENTION
Remember hidden inputs are not really hidden, and
can be changed by users.
Validate access to all things, don’t depend on things
being hidden/invisible.
If you need to refer to the current user, use session
data not form inputs.
Whitelist properties any form can update.
Saturday, 5 October, 13
5SECURITY
MISCONFIGURATION
Saturday, 5 October, 13
RISKS
Default settings can be insecure, and intended for
development not production.
Attackers can use misconfigured software to gain
knowledge and access.
Saturday, 5 October, 13
PREVENTION
Know the tools you use, and configure them
correctly.
Keep up to date on vulnerabilities in the tools you
use.
Remove/disable any services/features you aren’t using.
Saturday, 5 October, 13
6SENSITIVE DATA EXPOSURE
4012 8888 8888 1881
Saturday, 5 October, 13
RISKS
Bad guys get credit cards, personal identification,
passwords or health records.
Your company could be fined or worse.
Saturday, 5 October, 13
ASSESSING RISK
Do you have sensitive data?
Is it in plaintext?
Any old/bad crypto in use?
Missing SSL?
Who can access sensitive data?
Saturday, 5 October, 13
7MISSING FUNCTION LEVEL
ACCESS CONTROL
Saturday, 5 October, 13
RISKS
Anyone on the internet can request things.
Missing access control could mean bad guys can do
things they shouldn’t be able to.
Saturday, 5 October, 13
PREVENTION
No simple solutions sadly.
Good automated tests help.
Saturday, 5 October, 13
8CROSS SITE REQUEST
FORGERY
(CSRF)
Saturday, 5 October, 13
RISKS
Evil websites can perform actions for users logged
into your site.
Side effects on GET can be performed via images or
CSS files.
Remember the Gmail contact hack.
Saturday, 5 October, 13
CSRF EXAMPLE
Your app
Evil site
Saturday, 5 October, 13
CSRF EXAMPLE
Your app
Evil site
Login
Saturday, 5 October, 13
CSRF EXAMPLE
Your app
Evil site
Login
Accidentally visit
Saturday, 5 October, 13
CSRF EXAMPLE
Your app
Evil site
Login
Accidentally visit
Submit form for evil
Saturday, 5 October, 13
PREVENTION
Add opaque expiring tokens to all forms.
Requests missing tokens or containing invalid tokens
should be rejected.
Saturday, 5 October, 13
SAMPLE CSRFVALIDATION
<?php
if (!$this->validCsrfToken($data, ‘csrf’)) {
throw new ForbiddenException();
}
Saturday, 5 October, 13
9USING COMPONENTS WITH
KNOWNVULNERABILITIES
CVE bingo
Saturday, 5 October, 13
RISK
Using old busted software can expose you to
documented issues.
CVE databases are filled with version numbers and
matching exploits.
Saturday, 5 October, 13
PREVENTION
Do routine upgrades. Keep up to date with all your
software.
Read mailing lists and keep an eye out for security
releases.
Saturday, 5 October, 13
PREVENTION
Several vulnerability databases around.
https://cve.mitre.org/cve/
Saturday, 5 October, 13
10UNVALIDATED REDIRECTS &
FORWARDS
Saturday, 5 October, 13
RISKS
Trusting user input for redirects opens phishing
attacks.
Breach of trust with your users.
Saturday, 5 October, 13
PREVENTION
Don’t trust user data when handling redirects.
Saturday, 5 October, 13
THANKYOU
Saturday, 5 October, 13

More Related Content

Viewers also liked

OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013tmd800
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10bilcorry
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavOWASP Delhi
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013   A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013 Sorina Chirilă
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration Tariq Islam
 
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)Pichaya Morimoto
 
Presentation 2013 09-13 Thai Logistics Standard to World Class Logistics
Presentation 2013 09-13 Thai Logistics Standard to World Class LogisticsPresentation 2013 09-13 Thai Logistics Standard to World Class Logistics
Presentation 2013 09-13 Thai Logistics Standard to World Class LogisticsNopporn Thepsithar
 
Scared Straight: Mitigating OWASP Top 10 with PHP
Scared Straight: Mitigating OWASP Top 10 with PHPScared Straight: Mitigating OWASP Top 10 with PHP
Scared Straight: Mitigating OWASP Top 10 with PHPJohn Kary
 
Null Singapore 2015 accomplishments
Null Singapore 2015 accomplishmentsNull Singapore 2015 accomplishments
Null Singapore 2015 accomplishmentsMohammed A. Imran
 
AppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEE
AppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEEAppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEE
AppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEEMagno Logan
 
OWASP @ ISCTE-IUL, Criptografia em PHP
OWASP @ ISCTE-IUL, Criptografia em PHPOWASP @ ISCTE-IUL, Criptografia em PHP
OWASP @ ISCTE-IUL, Criptografia em PHPCarlos Serrao
 
Apresentação OWASP - UBI, Covilhã
Apresentação OWASP - UBI, CovilhãApresentação OWASP - UBI, Covilhã
Apresentação OWASP - UBI, CovilhãCarlos Serrao
 
OWASP Top 10 2010 para JavaEE (pt-BR)
OWASP Top 10 2010 para JavaEE (pt-BR)OWASP Top 10 2010 para JavaEE (pt-BR)
OWASP Top 10 2010 para JavaEE (pt-BR)Magno Logan
 

Viewers also liked (20)

OWASP top 10-2013
OWASP top 10-2013OWASP top 10-2013
OWASP top 10-2013
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10
 
DFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar YadavDFIR using Docker Containers by Deep Shankar Yadav
DFIR using Docker Containers by Deep Shankar Yadav
 
A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013   A5-Security misconfiguration-OWASP 2013
A5-Security misconfiguration-OWASP 2013
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
 
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)Security Misconfiguration (OWASP Top 10 - 2013 - A5)
Security Misconfiguration (OWASP Top 10 - 2013 - A5)
 
Presentation 2013 09-13 Thai Logistics Standard to World Class Logistics
Presentation 2013 09-13 Thai Logistics Standard to World Class LogisticsPresentation 2013 09-13 Thai Logistics Standard to World Class Logistics
Presentation 2013 09-13 Thai Logistics Standard to World Class Logistics
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
 
Scared Straight: Mitigating OWASP Top 10 with PHP
Scared Straight: Mitigating OWASP Top 10 with PHPScared Straight: Mitigating OWASP Top 10 with PHP
Scared Straight: Mitigating OWASP Top 10 with PHP
 
Pp+บุหรี่..
Pp+บุหรี่..Pp+บุหรี่..
Pp+บุหรี่..
 
Null Singapore 2015 accomplishments
Null Singapore 2015 accomplishmentsNull Singapore 2015 accomplishments
Null Singapore 2015 accomplishments
 
AppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEE
AppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEEAppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEE
AppSec Latam 2011 - Treinamento OWASP Top 10 + JavaEE
 
OWASP @ ISCTE-IUL, Criptografia em PHP
OWASP @ ISCTE-IUL, Criptografia em PHPOWASP @ ISCTE-IUL, Criptografia em PHP
OWASP @ ISCTE-IUL, Criptografia em PHP
 
Apresentação OWASP - UBI, Covilhã
Apresentação OWASP - UBI, CovilhãApresentação OWASP - UBI, Covilhã
Apresentação OWASP - UBI, Covilhã
 
OWASP - Ferramentas
OWASP - FerramentasOWASP - Ferramentas
OWASP - Ferramentas
 
OWASP Top 10 2010 para JavaEE (pt-BR)
OWASP Top 10 2010 para JavaEE (pt-BR)OWASP Top 10 2010 para JavaEE (pt-BR)
OWASP Top 10 2010 para JavaEE (pt-BR)
 

Similar to OWASP Top 10 2013

Repsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityRepsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityAaron Bedra
 
Advanced App Building - Tips, Tricks & Lessons Learned
Advanced App Building - Tips, Tricks & Lessons LearnedAdvanced App Building - Tips, Tricks & Lessons Learned
Advanced App Building - Tips, Tricks & Lessons LearnedJay Graves
 
Passing a Front end Developer interview
Passing a Front end Developer interview Passing a Front end Developer interview
Passing a Front end Developer interview tonyfarnsworth
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouE Hacking
 
Keeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro frameworkKeeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro frameworkJeremy Kendall
 
Building Modern and Secure PHP Applications – Codementor Office Hours with Be...
Building Modern and Secure PHP Applications – Codementor Office Hours with Be...Building Modern and Secure PHP Applications – Codementor Office Hours with Be...
Building Modern and Secure PHP Applications – Codementor Office Hours with Be...Arc & Codementor
 
OWASP, PHP, life and universe
OWASP, PHP, life and universeOWASP, PHP, life and universe
OWASP, PHP, life and universeSebastien Gioria
 
Tulsa techfest2010 security
Tulsa techfest2010   securityTulsa techfest2010   security
Tulsa techfest2010 securityJason Ragsdale
 
Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013
Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013
Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013cordoval
 
Engineering culture
Engineering cultureEngineering culture
Engineering culturePamela Fox
 
Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013BSidesQuebec2013
 
Dip Your Toes in the Sea of Security (PHP Cambridge)
Dip Your Toes in the Sea of Security (PHP Cambridge)Dip Your Toes in the Sea of Security (PHP Cambridge)
Dip Your Toes in the Sea of Security (PHP Cambridge)James Titcumb
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threatAvădănei Andrei
 

Similar to OWASP Top 10 2013 (20)

2013 - Mark story - Avoiding the Owasp
2013 - Mark story - Avoiding the Owasp2013 - Mark story - Avoiding the Owasp
2013 - Mark story - Avoiding the Owasp
 
Armorizing applications
Armorizing applicationsArmorizing applications
Armorizing applications
 
Repsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application SecurityRepsheet: A Behavior Based Approach to Web Application Security
Repsheet: A Behavior Based Approach to Web Application Security
 
Advanced App Building - Tips, Tricks & Lessons Learned
Advanced App Building - Tips, Tricks & Lessons LearnedAdvanced App Building - Tips, Tricks & Lessons Learned
Advanced App Building - Tips, Tricks & Lessons Learned
 
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım GüvenliğiBünyamin Demir - 10 Adımda Yazılım Güvenliği
Bünyamin Demir - 10 Adımda Yazılım Güvenliği
 
Passing a Front end Developer interview
Passing a Front end Developer interview Passing a Front end Developer interview
Passing a Front end Developer interview
 
Unmasking or De-Anonymizing You
Unmasking or De-Anonymizing YouUnmasking or De-Anonymizing You
Unmasking or De-Anonymizing You
 
Keeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro frameworkKeeping it small - Getting to know the Slim PHP micro framework
Keeping it small - Getting to know the Slim PHP micro framework
 
Building Modern and Secure PHP Applications – Codementor Office Hours with Be...
Building Modern and Secure PHP Applications – Codementor Office Hours with Be...Building Modern and Secure PHP Applications – Codementor Office Hours with Be...
Building Modern and Secure PHP Applications – Codementor Office Hours with Be...
 
Storyplayer
StoryplayerStoryplayer
Storyplayer
 
OWASP, PHP, life and universe
OWASP, PHP, life and universeOWASP, PHP, life and universe
OWASP, PHP, life and universe
 
2014 06-05-mozilla-afup
2014 06-05-mozilla-afup2014 06-05-mozilla-afup
2014 06-05-mozilla-afup
 
Tulsa techfest2010 security
Tulsa techfest2010   securityTulsa techfest2010   security
Tulsa techfest2010 security
 
Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013
Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013
Specking Interactors with PHPSpec and YOLO (DDD) at PHPConference Argentina 2013
 
Engineering culture
Engineering cultureEngineering culture
Engineering culture
 
Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013Simplified security code review - BSidesQuebec2013
Simplified security code review - BSidesQuebec2013
 
Secure pl-sql-coding
Secure pl-sql-codingSecure pl-sql-coding
Secure pl-sql-coding
 
Edinburgh
EdinburghEdinburgh
Edinburgh
 
Dip Your Toes in the Sea of Security (PHP Cambridge)
Dip Your Toes in the Sea of Security (PHP Cambridge)Dip Your Toes in the Sea of Security (PHP Cambridge)
Dip Your Toes in the Sea of Security (PHP Cambridge)
 
Xss is more than a simple threat
Xss is more than a simple threatXss is more than a simple threat
Xss is more than a simple threat
 

More from markstory

Dependency injection in CakePHP
Dependency injection in CakePHPDependency injection in CakePHP
Dependency injection in CakePHPmarkstory
 
Safer, More Helpful CakePHP
Safer, More Helpful CakePHPSafer, More Helpful CakePHP
Safer, More Helpful CakePHPmarkstory
 
CakePHP - The Road Ahead
CakePHP - The Road AheadCakePHP - The Road Ahead
CakePHP - The Road Aheadmarkstory
 
Future of HTTP in CakePHP
Future of HTTP in CakePHPFuture of HTTP in CakePHP
Future of HTTP in CakePHPmarkstory
 
CakePHP mistakes made 2015
CakePHP mistakes made 2015CakePHP mistakes made 2015
CakePHP mistakes made 2015markstory
 
New in cakephp3
New in cakephp3New in cakephp3
New in cakephp3markstory
 
CakePHP 3.0 and beyond
CakePHP 3.0 and beyondCakePHP 3.0 and beyond
CakePHP 3.0 and beyondmarkstory
 
CakePHP mistakes made confoo 2015
CakePHP mistakes made confoo 2015CakePHP mistakes made confoo 2015
CakePHP mistakes made confoo 2015markstory
 
CakePHP mistakes made
CakePHP mistakes madeCakePHP mistakes made
CakePHP mistakes mademarkstory
 
Performance and optimization CakeFest 2014
Performance and optimization CakeFest 2014Performance and optimization CakeFest 2014
Performance and optimization CakeFest 2014markstory
 
Road to CakePHP 3.0
Road to CakePHP 3.0Road to CakePHP 3.0
Road to CakePHP 3.0markstory
 
Performance and optimization
Performance and optimizationPerformance and optimization
Performance and optimizationmarkstory
 
CakePHP the yum & yuck
CakePHP the yum & yuckCakePHP the yum & yuck
CakePHP the yum & yuckmarkstory
 
Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twigmarkstory
 
Simple search with elastic search
Simple search with elastic searchSimple search with elastic search
Simple search with elastic searchmarkstory
 
Intro to continuous integration
Intro to continuous integration Intro to continuous integration
Intro to continuous integration markstory
 
Evented applications with RabbitMQ and CakePHP
Evented applications with RabbitMQ and CakePHPEvented applications with RabbitMQ and CakePHP
Evented applications with RabbitMQ and CakePHPmarkstory
 
Ch ch-changes cake php2
Ch ch-changes cake php2Ch ch-changes cake php2
Ch ch-changes cake php2markstory
 
PHPunit and you
PHPunit and youPHPunit and you
PHPunit and youmarkstory
 

More from markstory (20)

Dependency injection in CakePHP
Dependency injection in CakePHPDependency injection in CakePHP
Dependency injection in CakePHP
 
Safer, More Helpful CakePHP
Safer, More Helpful CakePHPSafer, More Helpful CakePHP
Safer, More Helpful CakePHP
 
CakePHP - The Road Ahead
CakePHP - The Road AheadCakePHP - The Road Ahead
CakePHP - The Road Ahead
 
Future of HTTP in CakePHP
Future of HTTP in CakePHPFuture of HTTP in CakePHP
Future of HTTP in CakePHP
 
CakePHP mistakes made 2015
CakePHP mistakes made 2015CakePHP mistakes made 2015
CakePHP mistakes made 2015
 
New in cakephp3
New in cakephp3New in cakephp3
New in cakephp3
 
PHP WTF
PHP WTFPHP WTF
PHP WTF
 
CakePHP 3.0 and beyond
CakePHP 3.0 and beyondCakePHP 3.0 and beyond
CakePHP 3.0 and beyond
 
CakePHP mistakes made confoo 2015
CakePHP mistakes made confoo 2015CakePHP mistakes made confoo 2015
CakePHP mistakes made confoo 2015
 
CakePHP mistakes made
CakePHP mistakes madeCakePHP mistakes made
CakePHP mistakes made
 
Performance and optimization CakeFest 2014
Performance and optimization CakeFest 2014Performance and optimization CakeFest 2014
Performance and optimization CakeFest 2014
 
Road to CakePHP 3.0
Road to CakePHP 3.0Road to CakePHP 3.0
Road to CakePHP 3.0
 
Performance and optimization
Performance and optimizationPerformance and optimization
Performance and optimization
 
CakePHP the yum & yuck
CakePHP the yum & yuckCakePHP the yum & yuck
CakePHP the yum & yuck
 
Introduction to Twig
Introduction to TwigIntroduction to Twig
Introduction to Twig
 
Simple search with elastic search
Simple search with elastic searchSimple search with elastic search
Simple search with elastic search
 
Intro to continuous integration
Intro to continuous integration Intro to continuous integration
Intro to continuous integration
 
Evented applications with RabbitMQ and CakePHP
Evented applications with RabbitMQ and CakePHPEvented applications with RabbitMQ and CakePHP
Evented applications with RabbitMQ and CakePHP
 
Ch ch-changes cake php2
Ch ch-changes cake php2Ch ch-changes cake php2
Ch ch-changes cake php2
 
PHPunit and you
PHPunit and youPHPunit and you
PHPunit and you
 

Recently uploaded

Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Julian Hyde
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101vincent683379
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomCzechDreamin
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 

Recently uploaded (20)

Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
The Metaverse: Are We There Yet?
The  Metaverse:    Are   We  There  Yet?The  Metaverse:    Are   We  There  Yet?
The Metaverse: Are We There Yet?
 
AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101AI presentation and introduction - Retrieval Augmented Generation RAG 101
AI presentation and introduction - Retrieval Augmented Generation RAG 101
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 

OWASP Top 10 2013