Security is hard. Over the last few months there have been a number of high-profile plugin security vulnerabilities, but there is surprisingly little familiarity in the developer community when it comes to properly evaluating and remedying issues when they are discovered.
In this talk, we’ll be explaining in basic terms how several types of vulnerabilities work (including Cross-Site Scripting (XSS), SQL Injection (SQLI), Cross-Site Request Forgeries (CSRF), and Clickjacking, see what can be done to defend against them, and what to do when you have a vulnerability reported to you.
Please Note: This is a development-oriented talk, but will not get too deep into code.