Overview
Learn how Facebook tackles common web security threats in this 55-minute conference talk from PHP UK 2014. Explore the company's approach to cross-site scripting, cross-site request forgery, and SQL injection through the use of robust security libraries, automated detection systems, and lint rules. Gain insights into real-world attacks faced by Facebook and valuable lessons learned in the process. Delve into topics such as character set reinterpretation, scope guards, cryptography, and clickjacking. Discover practical strategies for identifying and addressing security vulnerabilities using tools like syntaxalgrep. Enhance your web security knowledge with this comprehensive overview of Facebook's battle-tested methods for safeguarding against prevalent online threats.
Syllabus
Intro
Crosssite scripting
Character set reinterpretation
SQL injection
Crosssite request forgery
Scope guards
Cryptography
Syntaxalgrep
Security vulnerabilities
How to deal with vulnerabilities
Clickjacking
Taught by
PHP UK Conference