Web Application Security


Even the simplest web application has so many attack vectors that it’s no wonder most people forget at least one. Web applications aren’t stand-alone; they are built upon frameworks, platforms and core libraries, each of which could suffer from vulnerabilities that you are not only unaware of, but statistically unlikely to ever discover in full. Consider, for example, OpenSSL's infamous “Heartbleed” bug.

We hear about security vulnerabilities every week; now it’s time to experience them. Find out what the leading concerns are, and the not-so-common ones too, and experience live demonstrations of how these attacks play out.

This presentation aims to arm you with the mindset, tools and resources to minimise the opportunities for attack, and to reduce the fallout when they succeed. From cross-site scripting and session hijacking to brute force and man-in-the-middle attacks, you’re expected to cover all your bases so the bad guys can’t use a single one.


I thought I had a good grasp of this stuff but the talk was an eye-opener! - Ciaran McNulty
Usually we just hear about the various types of attacks but the demos brought these concepts to life! It is one thing to know them, but seeing them being enacted out in front of me blew me away. Thanks! - Zion Ng
Very informative and detailed presentation. - Arul Kumaran

Previously Presented At

ScaleConf 2019
Starts: 7 Mar 2019
Ends: 8 Mar 2019
Each year ScaleConf brings international and local experts together to share their experience scaling websites and services using modern technologies and philosophies.
Where: Cape Town, South Africa
International PHP Conference
Starts: 6 Jun 2018
Where: Berlin, Germany
Starts: 23 Sep 2015
Where: Singapore
YOW! West
Starts: 27 May 2015
Where: Perth, Australia
New Zealand PHP Conference
Starts: 28 Aug 2014
Where: Wellington, New Zealand
Melbourne PHP Users Group
Starts: 19 Aug 2014
Where: Melbourne, Australia
