I have attended only one day. So my review will be short. You can visit here for full schedule.
Emir talked about defensive programming at PHP. Although it was his first presentation on this topic, his presentation was full of useful information and references. Slides should be studied carefully, because some of them may confuse you. For example; objects calisthenics slide says that don't use getters and setters. That doesn't mean encapsulating your class variables is wrong. It mentions strong encapsulation and abstraction that your class should not expose any data to outer world; it should process its data with public methods exposed to outer world. Although his presentation was in PHP, most of the slides are valid for any object oriented programming language.
Mehmet talked about XSS vulnerability. In ~20 min, he explained the subject very well. His examples were very satisfactory. We understood types of XSS. It's not easy to fix it. Although it seems a small topic, it's very deep indeed. Mehmet works as a senior pentester at Invictus company. I suggest to follow him on twitter, on his blog and by attending his public sessions on meetups/conferences.
Doruk talked about web application server monitoring. But this time it was not about monitoring only by listening heartbeats of the server. For example; server replies to ping requests or server listens and responds to port 80. It was about monitoring your application server's health with user scenarios. For example; let's assue it's an e-commerce application. You're checking is login scenario working successfully, or is checkout process is working successfully. It's one step ahead from testing your login page is avaliable. Yes, your login page can be available but your customers can not be logged in. (We experienced this situation @kitapyurdu.) He talked about an open source application, Zabbix, for this purpose. It's worth to look and experiment it.
Uğur talked about how we can use new front-end technologies like react or vue.js in our current web applications without rewriting all the project from scratch. Most people want to use those new technologies but they don't know where to start. So they follow some basic tutorials, they write some private code to understand what's going on and some time later they forgot what they've learnt. Because they didn't write production code with those technologies, and practice them on real life projects. Uğur showed us how they integrated vue.js into their projects, step by step, component by component.
Barkın talked about XML security vulnerabilities and how can attackers deceive XML parsers. If you're using XML parser on your applications and you process XML data from users, you should take a look at this vulnerability. It's important that even facebook had this exploit once. He said he will share presentation on slideshare. So you can follow his slideshare, twitter.