Early in the week, I went to the security conferences led by the AFUP about software security. The main goal of those conferences was to make developers aware of the real dangers of security breaches. The first conference was given by the OWASP organization, a non-profit organization focused on improving security. The key points of its talk were:
- If your application hasn’t been attacked yet, it will be,
- If you are aware of the most critical security risks and you choose to handle them, you could prevent the greater part of the coming attacks,
- You could handle security risks easily with their freely available documentation and tools.

The second conference was given by an AFUP member, Christophe Villeneuve, the creator of the elephpant. The talk focused on how to secure your PHP applications. It took the most common security risks previously described and explained how to prevent them with the PHP language. He dealt with subjects like database query escaping, user input cleaning, and risky language-specific features (PHP_SELF, global, …).
The third and last conference was given by a security engineer from Mozilla to present the security solutions added to Firefox OS. She explained the latest additions, such as application signature and installation source, the permission system, and Content Security Policy (CSP). It was also an opportunity to demonstrate the latest version, Firefox OS 2.0, and a static JavaScript code analyzer, ScanJS.
To conclude, the conferences were interesting and the networking very pleasant. I would like to thank the speakers for their time and Mozilla for their premises. I end with some pictures of the night, and the video will be online soon.