Security is an enormous topic, and it’s really, really complicated. If you’re not careful, you’ll find yourself vulnerable to any number of attacks which you definitely don’t want to be on the receiving end of. This talk will give you just a taster of the vast array of things there is to know about security in modern web applications, such as writing secure PHP web applications and securing a Linux server. Whether you are building anything beyond a basic brochure website or developing a complicated business web application, this talk will give you insight into some of the things you need to be aware of.
21. Errors, Exceptions & Logging (#6)
Sensitive information exposure
Custom exception & error handling
- filter what the end user sees
- Handle API responses in a unified way
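One way to apply both points on this slide in PHP 8, as an added example that is not code from the talk: a single exception handler logs the full detail server-side and returns the same JSON envelope for every failure. `PublicException`, `errorResponse` and `logException` are hypothetical names, and the thrown message is constructed sample input.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type for errors whose message is safe to show to clients.
final class PublicException extends RuntimeException
{
    public function __construct(string $message, private int $status = 400)
    {
        parent::__construct($message);
    }

    public function status(): int { return $this->status; }
}

// Build the one response envelope used for every API error.
function errorResponse(Throwable $e, string $requestId): array
{
    $public = $e instanceof PublicException;
    return [
        'status' => $public ? $e->status() : 500,
        'body'   => [
            'error'      => $public ? $e->getMessage() : 'Internal server error',
            'request_id' => $requestId, // lets support find the matching log entry
        ],
    ];
}

// Full detail goes to the server log only, never into the response.
function logException(Throwable $e, string $requestId): void
{
    error_log(sprintf('[%s] %s: %s in %s:%d', $requestId, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));
}

ini_set('display_errors', '0'); // never render PHP errors into the page
set_exception_handler(function (Throwable $e): void {
    $requestId = bin2hex(random_bytes(8));
    logException($e, $requestId);
    $response = errorResponse($e, $requestId);
    http_response_code($response['status']);
    header('Content-Type: application/json');
    echo json_encode($response['body']);
});

// Constructed failure: the message names a DB user and host and must not reach the client.
throw new RuntimeException('SQLSTATE[HY000] [1045] Access denied for user app@10.0.0.5');
```

The client receives only `Internal server error` and a request ID, while the log line carries the exception class, message, file and line under the same ID.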
28. We are not security experts!
We CAN write secure code
29. We are not security experts!
We CAN write secure code
● Learn more
● Keep it simple
● Think about attack vectors
● Prioritise vulnerabilities
30. ● Be the “threat”
● What do you want?
○ Personal data (name, address, DOB)
○ Sensitive data (credit cards, bank accounts)
○ Cause disruption (downtime)
● How would you do it?
Think Differently