Learn how to protect sites from XSS (cross-site scripting), MySQL injection and unfiltered input attacks during common WordPress development practices. I will provide the security best-practices “how and why” for each of the following:
-saving post and post meta input.
-displaying post and post meta values.
-responding to an AJAX request.
-parsing query strings.
-querying the WordPress database.
-saving theme or plugin options with the Settings API.
-retrieving theme or plugin options from the Settings API.
Speaker slides can be found here: https://speakerdeck.com/rachelbaker/code-with-care-write-secure-themes-and-plugins