February 26-28, 2025
Montreal, Canada

Picking the low-hanging fruit – easy pentest wins

Penetration tests are a critical step in securing web services, but often much of their effort is wasted reporting simple things that can easily be fixed in advance. We will look at common security issues that are found in pentests at all levels in the deployment stack, concentrating on those that can be resolved quickly and easily in one place (in any language), and show how to fix them, freeing up expensive pentester resources.


Marcus Bointon

Devalps

I work on smartmessages.net and clubzero.co, support 1CRM, and pentest and write for Radically Open Security. I'm the maintainer of PHPMailer (the second-most forked PHP project on GitHub!) and contribute to many other open-source projects. I'm a PHP developer, privacy advocate, DPO, Linux sysadmin, technical writer/editor, MySQL DBA, and the author of "The HTTP/3 book". I've spoken at many conferences around the world. I live in the French Alps with my wife, kids, guitars, skis, and bikes.
