Code Review For Security - Anthony Ferrara

Imagine the day where you get an email from your CEO: "Our site has been hacked! Millions of user records have been leaked! And we're being sued!"... Unfortunately, that situation appears to be quite common place in the modern world. In the past year alone LinkedIn, Sony, Zappos, Twitter, Apple, Yahoo and LastFM (and a lot more) have compromised, leaking over 100 million user records. How has this become common place? Developers traditionally haven't focused on security (that's someone else's problem, right?)... Wrong! Security is everyone's job!

Come and learn more about how to identify and fix security issues! In this workshop, we'll cover the most dangerous and prevalent security vulnerabilities in PHP applications today. We'll look at how those vulnerabilities work under the hood, and how to prevent them. Then, we'll spend time reviewing actual code with actual vulnerabilities. Once we've identified a potential vulnerability, you will actually execute an attack against it! By the end of the workshop, you should be able to identify insecure code and fix it!

Who is the target audience of this workshop?
* Any developer who has preformed code-review before
* Any developer who wants to understand security better

How experienced do I need to be?
* If you understand how to read code, you have enough experience to attend this workshop!

Tutorial requirements:
* A laptop

A cursory understanding of the OWASP Top 10 will be very helpful