Friday, June 26. 2009
DPC 2009 Day 0 - Stefan Esser's Security Crash Course
From the list of tutorials on Day One of DPC 2009, I chose to sit in on Stefan Esser's Security Crash Course with the idea that it would be a good opportunity for a review. When he displayed one of his introductory slides about the topics he would be covering, there seemed to be no surprises: input filtering, XSS, CSRF, SQL injection, session management and PHP code inclusion and evaluation -- it was a fairly expected list of all those things in an application that can threaten at one time or another to come back and bite a developer on the back-end (or front-end too for that matter). Even though some of the topics on the list already suggested to me certain known risky situations and how to defuse them, it didn't matter. I was here, after all, for a review, a reality-check, hoping that certain topics such as PHP code inclusion and evaluation would be made even clearer.
It worked like a charm, although, not immediately, not necessarily in that room on that day.
Posted by Cal Smith in planetphp at 15:52
Defined tags for this entry: conference, dpc, dpc09, dutch php conference, security, stefan esser, tutorial
