
How your PHP application can get hacked, and how to prevent that from happening?

Description

You’ve probably heard about XSS, SQL injection, and RCE. Very few developers have witnessed first-hand what exploiting any of these vulnerabilities looks like, and therefore don’t necessarily understand the consequences that having such vulnerabilities in an application can have. In this talk, we’ll exploit some commonly known vulnerabilities (OWASP Top 10) and misconfigurations that can occur in a PHP application running on a Linux-based host. By learning to think like a hacker, you’ll be able to develop more secure PHP applications and keep your users, your clients, and yourself safe.

This presentation consists of security concept theory sections from a PHP developer's point of view and a few hands-on hacking demonstrations. At the end of the presentation, we go through a set of concrete action steps to secure our applications against the vulnerabilities covered earlier.

Talk given at Forum PHP 2020, held on 22 and 23 October 2020.

Additional information

Video

The speaker

Antti RÖSSI

Antti is an IT entrepreneur, a PHP enthusiast, and an OSCP-certified white-hat hacker based in Helsinki, Finland. During the daytime, he leads an innovative recruitment technology company called Jobilla, where he focuses hands-on on day-to-day product design and development. At night and on weekends, he turns into a white-hat hacker who loves solving CTF challenges and puzzles and spends time penetration testing software in bug bounty programs in order to make the web a safer place for us all. He is passionate about teaching fellow developers about software security (especially within the PHP community), and is known for concrete, hands-on presentations and workshops.

Comments

Very good talk, 15 min more would be perfect
Fabien Perrichon, 22/10/2020
Very good! Nice to have a security talk :)
Quentin Bihet, 22/10/2020
Very good talk! Even though the OWASP Top 10 is discussed, the applied examples give a different angle to the talk and make it stand out compared to the usual baseline OWASP Top Ten talks we are already used to.
Thomas Dutrion, 22/10/2020
Fantastic talk! Very helpful to understand how hacking works and how to protect your project. The only thing it was missing was time, 15 minutes more would have been good.
Tiphaine Surygala, 22/10/2020
Very interesting, would love to listen to/read more content on this topic
Yann Eugoné, 22/10/2020
Very good talk.
François D., 22/10/2020
Great talk! Learned a lot!
Magali Milbergue, 22/10/2020
Very interesting, especially the heads-up on object injection.
OLIVRIN Guillaume, 22/10/2020
Interesting, I already had a training on PHP security, but I learned new things!
Grégory Pelletier, 22/10/2020
Interesting, nice to be aware of PHP security
Quentin Barloy, 23/10/2020
Nice talk, an important topic explained with good examples!
Lucas Legname, 23/10/2020
Very interesting, with great examples. I would have listened to a longer conf :)
Solène Garda-Krebs, 23/10/2020
Very interesting! We need to know the basics of hacking to avoid it in our code
Maxime Huran, 26/10/2020