Marcus Bointon

I'm a pentester and writer for Radically Open Security, work on smartmessages.net, and support 1CRM. I'm the maintainer of PHPMailer (the second-most forked PHP project on GitHub!) and contribute to many other open-source projects. I'm a skier, songwriter, PHP & Laravel developer, privacy advocate, sysadmin, technical writer, and the author of "The HTTP/3 book". I've spoken at many conferences around the world. I live in the French Alps with my wife, kids, guitars, skis, and bikes.

Montreal 2026 sessions

Full-Stack security for web applications

English training

Every day we hear about apps being hacked, and data breaches causing enormous disruption; let's learn how to avoid being the subject of such bad news! In this 1-day workshop, we will look at the whole deployment stack of a typical web application, and work through a set of configuration and code examples using vanilla PHP to discuss and demonstrate security problems, solutions, and defence-in-depth at every layer of the deployment stack, from cloud infrastructure all the way through firewalls, SSH & TLS config, injections, validation & escaping, and XSS.

We will also look at numerous testing and attack tools to check that what you're doing is actually working.

You'll work through examples (using PHP) using your own laptop and a provided Ubuntu VM.

Magical client-side logging – the little headers that could

English session - Beginner

In a server-side app, it's easy to find out what went wrong from logs. But what about the client side? The W3C's Reporting API, Content-Security-Policy, Network Error Logging (NEL), and the Reporting-Endpoints HTTP headers can let you know about all kinds of client-side issues that you might otherwise never see. Find out how to use them, monitor what they're up to, and solve all the issues that only your customers have been seeing!

PrAIvacy – Privacy and security in AI tools

English session - Beginner

AI tools are rapidly embedding themselves into every layer of the modern development stack, whether via design platforms, IDEs, chatbots, review services, MCP servers, or CLI tools. But what happens to your sensitive data and code when these tools are involved? What are they really up to behind the scenes, and what risks do they introduce?

We'll take a practical tour of threats, vectors, and defensive strategies to help you use AI tools safely.

Montreal 2025 sessions

Montreal 2024 sessions

Montreal 2023 sessions

Montreal 2022 sessions

Montreal 2020 sessions

Montreal 2019 sessions

Montreal 2018 sessions