Saying “Security is important” is a bit like saying “Atlanta weather can be unpredictable”. That being said, it’s unfortunately pretty tough to get everything correct, since all parts of the overall application must be working in harmony; one problem in one area of the application can bring the system down.
Focusing solely on PHP for this presentation, we start out by going through a few recent security advisories from popular frameworks and content management systems. After that, we do an Audience Participation segment to review some tricky-to-spot code flaws from RIPS Technologies. Finally, we discuss how to keep potentially bad code out of the codebase.