Security

Magento has just released the SUPEE-10415 security patch for the following versions:

  • Magento Commerce 1.9.0.0-1.14.3.7 (formerly known as Enterprise Edition)
  • Magento Open Source 1.5.0.0-1.9.3.7 (formerly known as Community Edition)

The patch contains fixes for several security vulnerabilities, including cross-site request forgery (CSRF), Denial-of-Service (DoS), and authenticated Admin user remote code execution (RCE).

Hacking Your Way to Better Security

DrupalCon: Baltimore 2017

This talk educates junior and mid-level developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, and others. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. We'll then apply this knowledge to see how web applications can be secured against such vulnerabilities.

Hacking Your Way to Better Security

PHP South Africa 2016

The goal of this talk is to educate developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, session hijacking, and insecure direct object references. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples.

Hacking Your Way to Better Security

ZendCon 2016

This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, and others. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. We'll then apply this knowledge to see how web applications can be secured against such vulnerabilities.

Hacking Your Way To Better Security

Dutch PHP 2016

The goal of this talk is to educate developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, session hijacking, and insecure direct object references. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples.

Hacking Your Way To Better Security

Lone Star PHP 2016

The goal of this talk is to educate developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, session hijacking, and insecure direct object references. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples.

Hacking Your Way To Better Security

php[tek] 2016

This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We will explore several of the OWASP Top 10 attack vectors, such as SQL injection, XSS, CSRF, and session hijacking. Each topic will be approached from the perspective of an attacker to learn how these vulnerabilities are detected and exploited using several realistic examples. We will then apply this knowledge to learn how web applications can be secured against such vulnerabilities.