Pentesting For Developers

Chris Cornutt (19.Apr.2018 at 09:00, 3 hr)
Workshop at Longhorn PHP Conference 2018 (English - US)

Rating: 5 of 5

While secure development practices are an important part of keeping your application and its data protected, you also have to prove your defenses are working. Developers are used to things like unit testing and even functional testing but some feel out of their depth when it comes to security testing. Effective security testing, or pentesting, is easier than you might think.

We’ll start by introducing some of the techniques and tools you can use to test your own applications and finish with a contest to see how much you’ve learned.


Comments

Rating: 5 of 5

19.Apr.2018 at 11:34 by Eric Poe (84 comments) via Web2 LIVE

This hands-on approach to teaching how to prevent security vulnerabilities made understanding those vulnerabilities easier to understand.

Rating: 5 of 5

19.Apr.2018 at 11:42 by Darren Wright (29 comments) via Web2 LIVE

Really enjoyed the content and the hands-on interaction was invaluable and eye-opening to understanding pentesting processes.

Rating: 5 of 5

19.Apr.2018 at 14:06 by Anderson Fernandes (2 comments) via Web2 LIVE

I had a lot of fun in Chris' session. The material was amazing, the challenges were fun and easy to follow. Looking forward to the extra challenge!

Rating: 2 of 5

19.Apr.2018 at 16:33 by Max Schwanekamp (91 comments) via Web2 LIVE

There was some good information here, but honestly I was expecting a _tutorial_, not just a series of challenges. This was more like where the cartoon dad says "you can die in water. Your life may depend on learning to swim" and you understand and then he just throws you into the pool and says "ok, now swim!". I tried participating at first, but it quickly became apparent that this was not a tutorial session so much as a "fun session" for developers already familiar to some extent with pentesting. I've seen Chris speak previously and was blown away with his presentation so maybe my hopes were set too high, but this one was disappointingly disorganized and underdeveloped.

Speaker comment:

19.Apr.2018 at 16:44 by Chris Cornutt (49 comments) via Web2 LIVE

@max Thanks for the honest feedback - I appreciate it. If I give this one again in the future I may try to tweak the abstract to give a better idea of what it'll be like. Maybe a better mix of basic concepts and challenges rather than the current challenge-heavy split could help with this.

Rating: 5 of 5

20.Apr.2018 at 11:22 by John Congdon (44 comments) via Web2 LIVE

The challenges are fun and interesting to learn the techniques that are used to break into a site.

Rating: 5 of 5

20.Apr.2018 at 14:22 by Jared Cobb (1 comments) via Web2 LIVE

I appreciate when conferences have a MIX of intro, intermediate, and advanced talks. I'd say this was intermediate level and I followed along just fine.

Chris, I wouldn't water the talk down too much if I were you. Rather, just mention in the abstract that attendees should be familiar with the basics (which I think you actually did on your blog).

Great session!
