Writing secure software is hard. Even if our employers or managers ignore the risks, we as software engineers have an ethical obligation to deliver secure software. But with thousands of potential weaknesses, where do we start?
The OWASP Top 10 is a list of the ten most critical security risks to web applications based on data and broad consensus. While the Top 10 is far from an exhaustive list, it is a great first step to increase security awareness. In this talk we will look at the latest version of the Top 10 in the context of PHP, and look at how we can mitigate those risks in our applications.
This talk is aimed at PHP developers who want to learn about the top 10 web application security risks and how to mitigate them.