Securing Legacy Applications

Chris Cornutt (08.Feb.2019 at 16:00, 1 hr)
Talk at SunshinePHP 2019 (English - US)

Rating: 5 of 5

It’s common to hear people preach "plan in security from the start" and in an ideal world, you can. Here in the real world, though, we have legacy code that’s gathered over time and comes with a host of problems – (in)security included. What do you do when you’ve been commissioned with securing an application that’s showing its age? Follow along with me as I step you through a list of tips and tricks you can use to discover security issues in your application and effectively fix them and secure your application.

Topics will include some of the most common vulnerability types and key places to look for potential issues, and will arm you with the tools and knowledge you’ll need to refactor that legacy application into something secure.


Rating: 5 of 5

08.Feb.2019 at 16:53 by Chris Gearhart (9 comments) via Web2 LIVE

Great talk, very knowledgeable, you covered things that I will take back to my team that they can use even on new applications they are building.

Rating: 4 of 5

09.Feb.2019 at 08:28 by Christopher Wilson (11 comments) via Web2 LIVE

This talk felt aimed at legacy code that didn't have a lot of security in place. Everything the speaker said was good advice. Maybe next time there could be some in-depth examples of how to find and fix potential exploits. Walking through the process of identifying a CSRF vulnerability and the process of implementing a patch would be helpful. Trouble is, you need an example of legacy code, and that will look different for everyone.

Very much enjoyed the talk.

Rating: 5 of 5

10.Feb.2019 at 11:03 by Michael Larsen (10 comments) via Web2 LIVE

Great insights and tools to go home and practice.

Rating: 4 of 5

11.Feb.2019 at 09:49 by Miro Svrtan (213 comments) via Web2 LIVE

It seems everyone has a different definition of legacy: for me it's a 5y old Symfony2 or similar beast, for Chris it's code from when dinosaurs roamed the earth (circa 2005).

Speaker brought up really interesting things (which was a nice refresher for me as I was blessed not to have to handle those types of issues for like a decade).

For 5*: I would suggest showing more code examples and how to solve them instead of just going through the theory: I feel that people who have to handle those kinds of issues these days would get much more value.
