2. Anna Völkl / @rescueAnn
Hi, I'm Anna. http://anna.voelkl.at
I'm a Magento Certified Developer.
5 years Magento, Java/PHP since 2004
I love IT & Telecommunication and IT & Information Security.
I work at . Web Agency in Vienna/AT
3. What is Magento?
● eCommerce Platform
● Initial release 2008
● Ownership: Varien → eBay → Permira private equity fund
● Editions
  – Community Edition (CE, Open Source)
  – Enterprise Edition (EE)
● Matthias' talk
  – https://github.com/viennaphp/talks/blob/master/201505/01-outlook-on-magento-2.pdf
11. academic titles?!
● Teamwork also involves being a good teammate, which is why we are very proud
● シャネル デコ
● FC Barcelona and was presenting partner of the Fan Zone event prior to the gamehqn
● Лечебные грязи Сакского озера
● Trying to find for a approach to raise male power and endurance.
● New year2013 best now41
● Импотенция вы поглядите !
● how to write an essay explaining why you deserve a scholarship
● Sophisticated
● Men
● High-heeled shoes
● A Wise Choice
● http://onemilliondollarhomepage.ru/
● how to write up divorce paper
● write your name really cool
● shady lady free download
● driver samsung hd160jj p
15. OWASP Top 10
1) Injection
2) Broken Authentication and Session Management
3) Cross Site Scripting (XSS)
4) Insecure Direct Object References
5) Security Misconfiguration
6) Sensitive Data Exposure
7) Missing Function Level Access Control
8) Cross-Site Request Forgery (CSRF)
9) Using Components with Known Vulnerabilities
10) Unvalidated Redirects and Forwards
16. Stop "Last Minute Security"
● Do the coding, then spend the last X hours on "making it secure"
● Secure coding doesn't really take longer
● Data quality → software quality → security
● Always keep security in mind
20. Frontend input validation
● User experience
● Stop unwanted input when it occurs
● Do not bother your server with crazy input
● Only store what you expect
Don't fill up your database with garbage.
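As an added example (not from the original slides), here is what the browser-side part of this slide looks like as code: a pure validation function for a customer form, plus the wiring that blocks the submit when it fails. The field names (prefix, firstname, lastname), the allowed titles, the column sizes and the form id "customer-form" are assumptions; Magento's own form markup and validation classes are not used.

```javascript
// Added example: client-side validation of a customer registration form.
// Field names, allowed titles, column sizes and the form id are assumptions.

// Whitelist of allowed academic titles. A <select> built from this list is
// the "dropdown (whitelist)" option; free text is checked against it as well.
const ALLOWED_PREFIXES = ['', 'Dr.', 'Prof.', 'Mag.', 'DI', 'Ing.'];

// Assumed VARCHAR sizes of the target columns: anything longer would be
// truncated or rejected by the database anyway, so refuse it in the browser.
const MAX_LEN = { firstname: 255, lastname: 255 };

// Names: letters of any script (\p{L}, UTF-8 aware), combining marks, spaces,
// apostrophes and hyphens. URLs, digits and "!" are not names.
const NAME_RE = /^[\p{L}\p{M}][\p{L}\p{M} '-]*$/u;

// Returns a map fieldName -> error message; an empty object means valid.
function validateCustomerForm(fields) {
  const errors = {};
  const prefix = (fields.prefix || '').trim();
  if (!ALLOWED_PREFIXES.includes(prefix)) {
    errors.prefix = 'Choose a title from the list';
  }
  for (const name of ['firstname', 'lastname']) {
    const value = (fields[name] || '').trim();
    if (value === '') {
      errors[name] = 'Required';
    } else if (value.length > MAX_LEN[name]) {
      errors[name] = `At most ${MAX_LEN[name]} characters`;
    } else if (!NAME_RE.test(value)) {
      errors[name] = 'Only letters, spaces, hyphens and apostrophes';
    }
  }
  return errors;
}

// Wiring for a real page (assumed form id "customer-form"): stop the submit
// when validation fails and show the message on the offending field.
// Guarded so the same file also loads under Node without a DOM.
if (typeof document !== 'undefined') {
  const form = document.getElementById('customer-form');
  if (form) {
    form.addEventListener('submit', (event) => {
      const fields = Object.fromEntries(new FormData(form));
      const errors = validateCustomerForm(fields);
      if (Object.keys(errors).length > 0) {
        event.preventDefault();
        for (const [field, message] of Object.entries(errors)) {
          // setCustomValidity sticks until cleared; clear it on the next
          // "input" event in production code.
          form.elements[field].setCustomValidity(message);
          form.elements[field].reportValidity();
        }
      }
    });
  }
}
```

The regex cannot tell that "シャネル デコ" is a brand name rather than a person, which is why the whitelist dropdown is the stronger option for a bounded field such as the academic title; and since the browser can be bypassed, every rule here has to run again on the server.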
46.
● Weird customers and customer data were removed
● Frontend validation added
  – Dropdown (whitelist) would have been an option too
● Server side validation added
● Output escaped
47. Summary
Think, act and design your software responsibly:
1) UTF-8 all the way
2) Client side validation, filter input
3) Server side validation
4) Data storage (database column size, ...)
5) Escape output
6) Run tests
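As an added example (not from the original slides), the server-side steps of this summary as plain Node.js functions: strict UTF-8 decoding of request bytes (step 1), checks against the storage limits of the target columns (step 4), and HTML escaping on output (step 5). The column names and sizes, the assumption that the columns use MySQL's 3-byte "utf8" charset, and the admin-grid row layout are illustrations only; the real shop's schema and Magento's own escaping helpers are not used. The client-side rules (title whitelist, name pattern) must be repeated on the server too (step 3) and are left out here to keep the block focused.

```javascript
// Added example: server-side UTF-8 check, column-size check and output
// escaping. Column names, sizes and charset are assumptions.

// 1) UTF-8 all the way: decode request bytes with a fatal decoder, so a
// malformed sequence is rejected instead of being stored as mojibake or
// replaced with U+FFFD.
function decodeUtf8Strict(bytes) {
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

// 4) Data storage: assumed VARCHAR sizes in characters. The columns are
// assumed to use MySQL "utf8" (3 bytes per character), which cannot hold
// 4-byte code points such as emoji; those would be cut off or rejected
// unless the column is utf8mb4.
const COLUMNS = { prefix: 40, firstname: 255, lastname: 255 };
const NEEDS_UTF8MB4 = /[\u{10000}-\u{10FFFF}]/u;

// Validates raw request bytes for one column. Returns { ok: true, value }
// with the string ready for storage, or { ok: false, error }.
function validateForStorage(field, rawBytes) {
  const maxChars = COLUMNS[field];
  if (maxChars === undefined) {
    return { ok: false, error: `${field}: unknown column` };
  }
  let text;
  try {
    text = decodeUtf8Strict(rawBytes);
  } catch (err) {
    return { ok: false, error: `${field}: not valid UTF-8` };
  }
  text = text.trim();
  // Count code points, not UTF-16 units: "😀".length is 2 in JavaScript.
  const chars = [...text].length;
  if (chars > maxChars) {
    return { ok: false, error: `${field}: longer than ${maxChars} characters` };
  }
  if (NEEDS_UTF8MB4.test(text)) {
    return { ok: false, error: `${field}: contains characters that need a utf8mb4 column` };
  }
  return { ok: true, value: text };
}

// 5) Escape output: every stored value is HTML-escaped when rendered, so a
// name such as "<script>" stays visible text. Quotes are escaped as well so
// the same helper is safe inside attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Renders one customer row of an admin grid (assumed layout).
function renderCustomerRow(customer) {
  const cells = ['prefix', 'firstname', 'lastname']
    .map((f) => `<td>${escapeHtml(customer[f] || '')}</td>`)
    .join('');
  return `<tr>${cells}</tr>`;
}

// Sample request bytes, constructed for this example.
const SAMPLE_OK = new TextEncoder().encode('Anna');
const SAMPLE_BROKEN = new Uint8Array([0x41, 0xc3, 0x28]); // 'A' + truncated 2-byte sequence
console.log(validateForStorage('firstname', SAMPLE_OK));
console.log(validateForStorage('firstname', SAMPLE_BROKEN));
console.log(renderCustomerRow({ prefix: 'Dr.', firstname: '<b>Anna</b>', lastname: 'Völkl' }));
```

Checking the code-point count is what the column-size step of the summary needs; a byte count alone would let a 255-character name of 3-byte characters slip through on a utf8 column only to be cut off when the engine runs without strict mode.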