
Security: Basic Web Application Security

The High Desert Web Developers group meets the first Tuesday of every month. This local group is a nice place for people to learn and talk about coding for the web. We talk about web development in general, covering all aspects from planning, design, development, and maintaining a web site. RSVP is not required and attendance is free. Tell all your friends!

What are we going to talk about?

Web Security.

So, it seems towards the end (when I left anyway) there was a good discussion on security-related problems. Most of it was focused on WordPress, but pretty much every CMS and many other web applications have had their run-ins with security problems. There are many types of security problems developers run into, from simple SQL injection and session hijacking to CSRF (Cross-Site Request Forgery) and XSS (Cross-Site Scripting).

It seems most are working with PHP and MySQL (Drupal, WordPress, custom applications). Always, always audit code you have not written yourself, and try to get someone else to audit yours. Just because "Super-awesome Widget 1" seems popular and is recommended by "l33tCM$dude" doesn't mean it can't have a backdoor or vulnerability.

All of my latest projects use a simple framework I have compiled over the years that forces ALL content received from outside the script (Cookies, Requests, Post, Get, Server, Session, etc.) to first be "made safe". It trusts absolutely nothing and will only make items unsafe if requested directly. It includes simple obfuscating techniques such as MD5 hashing (with salt!), RC4 and generic encoding (Base64, hex, etc.).

Anyone up for some basic PHP and MySQL tricks to help prevent SQL injection, XSS, CSRF and session hijacking? Keep in mind, I am not a security expert, but I have worked in the industrial control and electronic medical records fields, which have some pretty strict requirements.
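The four problems the announcement names, each with the naive PHP beside the plain-PHP defence, as an added example that is not from the talk or the presenter's framework. It assumes PHP 7.3 or later (for `random_bytes` and the array form of `session_set_cookie_params`), PDO with the MySQL driver, and an illustrative `users(id, name, password_hash)` table; the function names are mine.

```php
<?php
// Added example, not the presenter's framework. Assumes PHP 7.3+, PDO/MySQL,
// and an illustrative table: users(id INT, name VARCHAR, password_hash VARCHAR).

function connect(string $dsn, string $user, string $pass): PDO {
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
}

// --- 1. SQL injection: never splice input into the statement text.
function find_user_vulnerable(PDO $db, string $name): ?array {
    // DON'T: $name = "x' OR '1'='1" turns this into "return every row".
    $row = $db->query("SELECT id, name FROM users WHERE name = '$name'")->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

function find_user(PDO $db, string $name): ?array {
    // DO: the value travels separately from the SQL, so quotes in $name
    // can never change the structure of the query.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// --- 2. XSS: escape on OUTPUT, for the context you are writing into (HTML here).
// Escaping on input (the "make everything safe first" approach) breaks data that is
// later used outside HTML, e.g. in a JSON response or an e-mail.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
// echo '<p>Hello, ' . h($user['name']) . '</p>';   // <script> becomes &lt;script&gt;

// --- 3. CSRF: a per-session random token that every state-changing form must echo back.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['csrf'];
}

function csrf_check(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted); // constant-time comparison
}
// In the form:  <input type="hidden" name="csrf" value="[output of h(csrf_token())]">
// On POST:      if (!csrf_check($_POST['csrf'] ?? null)) { http_response_code(403); exit; }

// --- 4. Session hijacking / fixation: lock down the cookie and rotate the id
// whenever privilege changes (login, logout).
function start_secure_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // sent only over HTTPS, so it cannot be sniffed on the wire
        'httponly' => true,   // not readable by JavaScript, so XSS cannot simply steal it
        'samesite' => 'Lax',  // not sent on cross-site POSTs, which also blunts CSRF
    ]);
    session_start();
}

function login(PDO $db, string $name, string $password): bool {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_hash()/password_verify() (bcrypt by default), not salted MD5.
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);           // new id, old one deleted: kills any fixated id
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

function logout(): void {
    $_SESSION = [];
    session_regenerate_id(true);
    session_destroy();
}
```

Run `start_secure_session()` before any output on every page, use `find_user()` (never `find_user_vulnerable()`) for lookups, and store passwords with `password_hash($pw, PASSWORD_DEFAULT)` so that `login()` can verify them. The same token check belongs on every form that changes state, not only on login.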

Community Time / Lightning Talks

We'll open up the floor to the community where anyone can talk about anything technology related. Do you have anything cool you want to share with the community this month? Share your knowledge!!!  Post your lightning talk in the comments.

Where are we meeting?

We are meeting in the McDonalds conference room at the Apple Valley McDonalds on the corner of Apple Valley Rd and Bear Valley Rd. The room seats up to 49 people and is free to use.

If you plan on attending, RSVP for the meeting. You DO NOT have to RSVP on this site to attend; you can just show up. If you do RSVP, you'll be emailed a reminder one day before the meeting.

Feel free to leave a comment if you have any suggestions or want to give a lightning talk.


  • Martha S.

    It was great to learn about security. We know it was just some bare-bone basic/general techniques and strategies, but it was worth attending. As for the meeting itself, it was great to get to know everyone a tad better. *That Drupal song is still stuck in my head* :-P

    September 5, 2012

  • Tom F.

    Very good talk on some vulnerabilities you need to know about when developing for the web. Good Job Mike!

    September 5, 2012

  • Martha S.

    Okay! With all the excitement of labor day weekend we almost forgot. We'll be there shortly.

    September 4, 2012

  • Tom F.

    Last-minute change of venue! McDonald's is currently doing construction in their internal conference room. We will be meeting at the ActiveLAMP offices at:

    ActiveLAMP
    12180 Ridgecrest Rd Suite 106
    Victorville, CA 92395.

    We are right next door to Charter Communications!

    September 4, 2012

  • Tom F.

    This sounds like a really good topic. Thanks Mike for presenting on this. Looking forward to it!

    August 9, 2012

  • Martha S.

    We're totally interested!

    August 8, 2012

9 went

Our Sponsors

  • ActiveLAMP

    Provides the projector for the monthly meet-ups, and meetup.com dues.
