Picking the low-hanging fruit – easy pentest wins

"Penetration tests are a critical step in securing web services, but often much of their effort is wasted reporting simple things that can easily be avoided in advance. We will look at security issues that are often found in pentests at all levels in the deployment stack, concentrating on those that can be resolved quickly and easily in one place (in any language), and show how to fix them, freeing up expensive pentester resources for tackling more complex challenges."

Marcus Bointon

I'm the maintainer of PHPMailer, possibly the most popular code for sending email in the world, a top-10 PHP project on GitHub (with over 9,900 forks and 21,000 stars, and 56 million downloads on packagist), and used in WordPress, Drupal, Yii, SugarCRM and many other projects. I have ansnwered over 1,000 questions about PHPMailer and email on StackOverflow (where I'm also the top answerer for the SPF and DKIM tags), so I'm very familiar with the kind of problems beginners in particular run into. PHPMailer is also at the heart of the privacy-first email marketing company I run, smartmessages.net.
JSConf Budapest welcomes everybody, please be nice to each other.