Security is hard. As critical as it is to our collective work — and the internet as a whole — far too many of us don’t have a solid grasp of how to find, address, and avoid vulnerabilities in our projects.
This talk will bring up and explain several real-world examples of common vulnerabilities and exploits that turn up in WordPress plugins and themes (Cross-Site Scripting, Timing Attacks, Cross-Site Request Forgeries, etc.), detail some best practices for avoiding them, and advise on how to respond when you learn of a vulnerability in a project you’re maintaining.
While this is a development-oriented talk, it will not get too deep into code — so while some familiarity with PHP would be nice, it’s not a requirement.