No week passes without a new security vulnerability. However, more often it is not a browser, server, or OS that is affected, but a web site. Most often, the same mistakes are made, paired with lazy programmers. This talk seeks to change this and covers securing a PHP-enabled website.
In part I, Christian Wenz examines programming mistakes, how attackers work, and what measures can be taken to avoid traps.
In part II, Ben Ramsey examines security from the server-side and explores best practices for configuring PHP on the server.