August 5, 2020 — At some point in the career of a developer, most will write vulnerable code. Do you need to worry about this? This talk explains why it is important to embrace secure coding practices. You will also learn about common threats and attacks, and how to make code less vulnerable to attack.

Presentation Slides »

September 24, 2018 — BarCamp Track

Presentation Slides »

November 22, 2017 — ¿Has visto alguna vez algún WordPress hackeado? ¿Sabes qué hacer si tienes la mala suerte de tener uno?

En esta charla analizaremos uno de los peores escenarios posibles, un CASO REAL DE UN WORDPRESS HACKEADO con multitud de archivos maliciosos y código ofuscado, donde se esconde una Webshell, un sistema operativo completo, desde la cual el ciberdelincuente (que no hacker) puede realizar un montón de acciones en la instalación comprometida.

Analizaremos el código de los archivos maliciosos, los decodificaremos y uniremos hasta llegar a ver la Webshell y veremos algunos parámetros de seguridad para evitar esto.

Presentation Slides »

March 18, 2017 — Common Security Issues with Plugins

March 16, 2017 — Unfortunately WordPress has reputation of weak security and the web is full of guides and plugins to enhance WordPress security. Unfortunately some advice is misleading or just false sales pitch. Understanding what is truly essential for security and what is irrelevant can be difficult. In this talk I explain, based on my experience of maintaining hundreds of WordPress sites, what I don’t consider relevant and what you don’t need to worry about, and what are the actually important things you need to care for.

October 27, 2016 — According to Google, 55,000 sites got compromised per week. As we know, WordPress runs majority of the content-driven websites in the world. It then became the number one target for hackers and phishing scammers. In this presentation you will learn the What, How, Why, Where, by following an up to date security checklist with steps to prevent and avoid your WordPress getting hacked.

Presentation Slides »

July 3, 2016 — Security can be complex, intimidating, and even frightening. Don’t let the enormity of it scare you into inaction. Learn what some of the security researchers and security professionals deal with, and then find out some simple steps you can take to secure your sites.

Presentation Slides »

January 8, 2016 — Wokół bezpieczeństwa stron opartych o WordPressa narosło wiele mitów, a na ich podstawie cały czas powstają nowe.

Część z nich jest niegroźna, inne prowadzą do bardzo poważnych zagrożeń, nie tylko dla Twojej strony, ale też pozostałych użytkowników internetu, a ich skutki bywają kosztowne. Warto więc zatrzymać się na chwilę i zweryfikować poprawność niektórych popularnych twierdzeń.

Presentation Slides »

January 6, 2016 — Prevention is the key to plugin vulnerabilities! Learn what to look for in your own code to help safeguard from potential issues. A step-by-step guide will be provided on how to avoid vulnerabilities and make your code more secure. With the generosity of popular plugin authors, we will review some recent vulnerabilities found, share how they fixed the problems and discuss the best methods for getting the word out about your plugin once it’s been securely updated. Yes, there will be code.

Presentation Slides »