Abstract
Using PHP in a continuous deployment environment poses a number of unique security challenges. This talk covers the application security tools and techniques Etsy has developed while running a worldwide marketplace at scale. Rather than standard topics like understanding and finding CSRF/XSS/SQLi vulnerabilities, this talk will primarily focus on new and interesting approaches to application security problems. Specifically, this presentation will cover building useful security systems such as automatic vulnerability and application fault detection, effective platform defenses for XSS/SQLi, practical security alerting mechanisms, and visualizations of security related data.