Zero Knowledge; Meeting the Growing Demand for Security and Privacy in a National Security World

We’re being surveilled! Governments and companies collect data. Hackers want that data.

What can software as a service providers do to protect data at rest? What if you need to work with that data? End-to-end encryption isn’t an option, so where do we turn?

In this talk, Ben discusses and demos ways to securely and anonymously handle and distribute sensitive information between users, without allowing the raw data to give anything away.

I did not expect this talk to be about the *implementation* of a zero knowledge application and was pleasantly surprised. Boy Baukema
Wonderfully thought-provoking. I am beginning to try to plan out applications like the one that was described, so there was a lot to take away, including from a conversation with you later in the day. Christopher Pitt

Writing Viruses for Fun, not Profit

Going viral isn’t always a good thing. Stopping viruses is hard. Let’s work out how viruses hide. Now that you’re thinking like a virus writer, you can anticipate which areas of your applications need hardening. This presentation will feature live demos of writing PHP viruses, and infection of willing targets.

A really fun talk that was engaging and saw into the mind of people out to hurt us. Anthony Ferrara
By far one of the most interesting and enjoyable talks I have ever seen. The presentation was dynamic, coding on stage and explaining the concepts. It was really great. Sebastian Machuca
I really enjoyed your talk; it was the stand-out presentation of the conference! — DDD Melbourne Attendee
Very engaging presentation with its live demo, humour and interesting topic. It is always good to learn about things that aren’t always discussed openly. James Gordon

Web Application Security

We've all heard of cross-site scripting attacks. And SQL injection. What about cross-site-request forgeries?

These are just some of the OWASP top ten, but what do they actually look like? We rely on frameworks to abstract these, but understanding them can help your perspective on security.

In this talk, Ben gives live demos of these, and more. Arm yourself with the mindset, tools, and resources required to defend yourself from attack!

I thought I had a good grasp of this stuff but the talk was an eye-opener! Ciaran McNulty
Usually we just hear about the various types of attacks but the demos brought these concepts to life! It is one thing to know them, but seeing them being enacted out in front of me blew me away. Thanks! — Zion Ng
Very informative and detailed presentation. Arul Kumaran

Apigility: Stop Creating APIs The Hard Way

APIs are hard. You need to deal with versioning, validation, authentication, and more. This talk introduces Apigility, a recently released, open source API builder created by ZEND, the company behind the current PHP engine. A demo will take you through the various options to easily get started.

Asynchronous PHP: No Longer a Hack Job

PHP as an event-based programming language? It’s been possible for a while, but in all the wrong ways. There is a better way, and this talk will take you down the ReactPHP rabbit hole and back again in less time than it takes to make 3.6 billion requests!

Good coverage of asynchronicity and a slightly scary coverage of the hoops to jump through to achieve it in PHP. Jacinta Richardson

Opening Doors with JSON Web Tokens

As the old saying goes, when one door closes, it can only be reopened when you have been provided with a valid JSON Web Token with which to identify yourself.

This talk introduces JWT, secure authentication, and delegated authority, to demonstrate how to secure IoT devices without exposing them to the internet.

Forgetting Passwords like a Pro

Passwords are hard. How do you handle, process, store and retrieve them? How do you back your systems up? How do you ensure your customers have secure passwords?
