August 16, 2018 — As more and more services get digital these days, security has become a major aspect of every application. Especially when it comes to third-party code, it is really difficult to guarantee safety. But in general, XSS and Code Injection are a major problem these days.

Content Security Policy provides another layer of security that helps to detect and protect against different attacks. In this talk, I will introduce this concept and its main features, as well as show good and bad example usages.

Presentation Slides »

August 11, 2018 — I will discuss the tactics the attackers use to exploit code, the most common ways developers introduce insecure code to a site, and what you can do to help avoid these issues. You will learn, from the many security failures I have seen what not to do when adding a new feature to a site’s code.

August 11, 2018 — I will discuss the tactics the attackers use to exploit code, the most common ways developers introduce insecure code to a site, and what you can do to help avoid these issues. You will learn, from the many security failures I have seen what not to do when adding a new feature to a site’s code.

August 8, 2018 — AWSってサービスが多くてよく分からない。個人でEC2立てたけどどうしたらいいか分からない。という方、業務でAWSの第一歩を踏み出してみませんか？

いきなりEC2上でWordPressを作るとかだと二の足踏むかと思うので、VPSやレンサバのままで、非常に費用対効果の高い第一歩を踏み出せる話をします。

主に、AWSのWAFを用いたセキュリティ強化やCloudFrontを用いたパフォーマンス強化、S3を用いたソーリーページの構築などのお話をします。

Presentation Slides »

July 28, 2018 — Přednáška od Michala Špačka na téma Co WP neimplementuje zrovna nejlépe.
Pomůže jim to pochopit některá zákoutí bezpečnosti na webu a snad
i pochopit, proč by se mělo řešit to, co se zas tolik neřeší. Jsem tajemný, co?

July 5, 2018 — Content security policies (CSPs) are a relatively new security element on the web horizon. CSPs use browsers to detect and mitigate certain types of attacks like cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSPs can be used for simple purposes like enforcing https on SSL-enabled sites, to more sophisticated uses like authorizing only truly trusted sources and blocking others.

Most sites do not have CSPs installed, but it’s important to be aware of them and how they can be used to add an additional layer of security to your website.

Presentation Slides »

June 11, 2018 — Jim Grant of Simply Creative Media will cover the ins and outs of the importance of WordPress website security, using a SSL (secure sockets layer) certificate and encryption on your website, best practices and WordPress plugins to help you secure your WordPress website.

Presentation Slides »

June 10, 2018 — As someone who builds WordPress websites for clients, you’ve probably learned that offering (or requiring) monthly maintenance contracts is smart business. It’s likely you’re including core software, plugin and theme updates as part of your maintenance plan, which ensures a steady income stream you can rely on and helps with your financial forecasting. But are you including website security as part of your project proposal and scope?

The security of your clients’ websites is often not a priority or is left till the end of a project as an optional add-on for the client to consider after going live. The value of a strong website security posture can be difficult to explain to clients, but when put in the context of their business and possible loss of revenue, it can become an integral part of your offering that separates you from the rest.

In this session, Jamie will cover simple website security best practices that you can implement immediately for your own site and those of your clients. In addition, she’ll also offer advice and examples on how to best present the importance of website security during the proposal, scope, and maintenance package stages to your clients. Not only does this ensure your maintenance plans offer what every website needs, but also presents an additional revenue stream opportunity for your business.

June 4, 2018 — This talk will help you understand a “Big Picture” of why and how WordPress websites get hacked and how to secure them. You will come to know about various attack vectors used by hackers and understand fundamentals on how you can easily defend against them.

You will also get to know about ongoing maintenance required and how you can recover from an Attack.

Takeaways:
Initial Security Setup Checklist
Maintenance Checklist
How to Recover from Hack
Tools & Plugin To Help Secure Your Website

June 4, 2018 — As someone who builds WordPress websites for clients, you’ve probably learned that offering (or requiring) monthly maintenance contracts is smart business. It’s likely you’re including core software, plugin and theme updates as part of your maintenance plan, which ensures a steady income stream you can rely on and helps with your financial forecasting. But are you including website security as part of your project proposal and scope?
The security of your clients’ websites is often not a priority or is left until the end of a project (or sale?) as an optional add-on for the client to consider after going live. The value of a strong website security posture can be difficult to explain to clients, but when put in the context of their business and possible loss of revenue, it can become an integral part of your offering that separates you from the rest.
In this session, Adam will cover simple website security best practices that you can implement immediately for your own site and those of your clients. In addition, he’ll also offer advice and examples on how to best present the importance of website security during the proposal, scope, and maintenance package stages to your clients. Not only does this ensure your maintenance plans offer what every website needs, but also presents an additional revenue stream opportunity for your business.