I work on smartmessages.net and clubzero.co, support 1CRM, and pentest and write for Radically Open Security. I'm the maintainer of PHPMailer (the second-most forked PHP project on GitHub!) and contribute to many other open-source projects. I'm a PHP developer, privacy advocate, DPO, Linux sysadmin, technical writer/editor, MySQL DBA, and the author of "The HTTP/3 book". I've spoken at many conferences around the world. I live in the French Alps with my wife, kids, guitars, skis, and bikes.
English session - Intermediate
Penetration tests are a critical step in securing web services, but often much of their effort is wasted reporting simple things that can easily be fixed in advance. We will look at common security issues that are found in pentests at all levels in the deployment stack, concentrating on those that can be resolved quickly and easily in one place (in any language), and show how to fix them, freeing up expensive pentester resources.
English session - Intermediate
The ways that we can deliver HTTP have improved in occasional leaps, from 1.0, 1.1, a big step to 2.0, and now 3.0. A big obstacle has been TCP, which isn't great for HTTP, but we are stuck with it – or are we? QUIC is a reimagining of TCP that runs over "the other protocol", UDP, and integrates HTTP/3 and TLS 1.3, giving us a step up in performance and security. Discover how it works, how to set up your servers and apps, and deploy it today.