September 15, 2015 — Une introduction a comment écrire du code sécure pour WordPress.
Un apperçu des vulnérabilité les plus commune et comment protéger son code.
Un survol qui inclut:
Bien utiliser les fonctions: esc_url(), esc_html(), esc_attr(), esc_js et wp_json_encode()
Se protéger contres les Injections SQL
Nettoyer des donnés de l’utilisateur
Comment utiliser des nonces
Utiliser Current_user_can pour les permissions d’utilisateurs

Préalables:
Cette conférence est pour les gens qui ont commencé à modifié le code PHP dans les fichiers de leur thème. Elle va vous donner une idée de comment le faire de façon sécure. C’est aussi un bon rappel pour les développeurs intermédiaires et avancés.

Presentation Slides »

August 20, 2015 — Геннадий покажет на практике, как можно написать уязвимый код выполняя фиктивное техническое задание, использовать написаные уязвимости для собственной выгоды, и конечно-же, закрыть уязвимость.

Presentation Slides »

August 11, 2015 — This session takes a looks at WordPress Security. It will address concerns of the general user, how WordPress sites are generally hacked, the need for an international security standard in WordPress. The session describes the top 10 vulnerabilities as listed in OWASP.

Presentation Slides »

August 6, 2015 — After working on BruteProtect, a plugin that was acquired by Automattic, I’d like share the knowledge I wish I knew 2 years ago when I first started with WordPress. I’ll discuss plugin file structure, short codes, security, and private deployment to multiple client installs. We’ll discuss MVC structure, in which your logic is separate from your UI.

I build WordPress websites and apps for the Hotchkiss Consulting Group. My blog can be found at roccotripaldi.com

August 5, 2015 — Theme security is an intimidating topic for both new and experienced developers but ignoring the issue will make you a target and leave your site vulnerable to attacks. In this talk you’ll learn theme security best practices, the common types of attacks, and many of the functions that WordPress and PHP provide to keep your site safe.

August 3, 2015 — No matter the niche, website security is important to everyone doing business on the Internet. Simply existing on the Web turns users into virtual targets for digital thieves and opportunists.
While seemingly mysterious, and often over-complicated, proper security begins with a basic understanding of do’s and don’t’s, and why’s and why not’s. Let’s cut through the red tape and talk about what matters: knowing how to protect your business on the Internet.

Presentation Slides »

August 3, 2015 — There’s a lot of information out there on making WordPress as secure as possible. Some of it is great and some of it, well, not so great. My session will walk users through numerous tips and tricks for securing WordPress the right way from the start. In addition we’ll look at a few security misconceptions in an attempt to sort the good information from the bad and keep you from becoming the next victim.

August 1, 2015 — Sam was the creator of BruteProtect, a WordPress security plugin acquired by Automattic in August 2014. He now works on the Jetpack team at Automattic, with the goal of bringing killer features and functionality to WordPress blogs everywhere.

July 16, 2015 — Offering HTTPS is beneficial for site owners and visitors alike. Whether you need to protect your admin credentials, or just to raise the search engine ranking of your site. You can do both with HTTPS!
I show the pitfals and how to make your site HTTPS compatible while giving developers some hints on the most common mistake when creating themes or plugins which can break HTTPS.

July 15, 2015 — Jon gibt einen Überblick über die gängigen Hackingmethoden und warum ist es wichtig, immer die aktuellsten Updates installiert zu haben. “Wie kann ich ein Script sicher machen?” – Livehacking an Plugins oder Themes.

Presentation Slides »