addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-crosscrosseditemptyheartfacebookfolderfullheartglobegmailgoogleimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartrashtriangle-downtriangle-uptwitteruseryahoo

November Meeting: PHP Security

  • Nov 14, 2012 · 7:00 PM
  • Fathom Creative

PHP is a very powerful language for easily developing web applications however with this power comes great responsibility ... and in this case that means not shooting yourself in the foot with lax security practices. Issues can arise from everything from language vulnerabilities and weak default settings to insecure coding practices and misconfigurations. This presentation plans to address many of these concerns by providing valuable lessons in the security of, attacks against, and management of PHP in your environment. The talk begins with an overview of PHP security, including it's known issues and corresponding security enhancements the maintainers have incorporated over time. Beginning with an in-depth discussion of Suhosin and how it can be used to lock down your PHP environment, the presentation next details PHPIDS and how it can be used to detect PHP-centric threats. The talk closes with a strategy for analyzing the risks in your PHP environment and applying corresponding PHP and platform/network mitigations to minimize your attack surface. 

The speaker is Salvador Grec, who has over 17 years experience, undergraduate and graduate degrees in Electrical Engineering, and a really well known security certification. Even though his training was in Electrical Engineering, Salvador has always been more of a Computer Science person at heart going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for 5 years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days doing cyber security paperwork drills in building and maintaining multi-billion dollar government systems. At night he runs, a local infosec website and tries to get some hands-on skillz.

Join or login to comment.

  • vikas c.

    { for($i = 0; $ i ===3 ; $i++){
    $answer.''.$i= $_REQUEST['answer'][$i]; }
    echo"{$answer1} {$answer2} {$answer3}";
    } ?>
    <form method='POST'>
    <input type="text" name="dynamicTags1" value="Web Design"/>
    <input type="text" name="dynamicTags2" value="Programming"/>
    <input type="text" name="dynamicTags6" value="Java"/>
    <input type='submit' name='answer' value='Submit'/>

    January 12, 2013

    • Sandy S.

      And here you see an example of escaping output.

      January 12, 2013

    • Sandy S.

      (by meetup in ensuring the HTML and PHP didn't render...the code sample doesn't escape output)

      January 12, 2013

  • Andy G.

    The main speaker didn't show, but the conversation was still interesting with many knowledgable people present.

    November 14, 2012

  • Sandy S.

    Just a heads up: we'll be meeting downstairs tonight. The buzzer is also broken, but we'll be right there if you knock and wave.

    November 14, 2012

10 went

Our Sponsors

  • php[architect]

    Pays for our Meetup page and provides occasional beverages.

  • Canvas Co/work

    Canvas gives us our space each month!

  • AOL

    AOL sponsors pizzas and other eats for the main meetup!

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy