March 24, 2010 7:00 PM - 70 attended
PHP Security
This location is shown only to members
Security can have a significant affect on you and your business, but can seem daunting. One of the most important aspects of creating secure sites is knowing what to look for.
In this meetup we’ll talk about:
- Why you should be concerned about security
- How PHP security fits in the larger picture
- Examples of common security concerns, with solutions
- How you can apply this information to improve your sites
While some of the topics we’ll discuss are specific to PHP, most of them apply to a website written in any language. Since this is a PHP meetup, the examples will all be written in PHP.
Planned topics include:
- Cross-Site Request Forgeries
- Cross-Site Scripting
- Session Fixation
- Cross-Site Session Transfer
- Pseudo-Random Number Generator Attacks
- SQL Injection
- Email Injection
- Path Disclosure
- Path Traversal
- Request Value Fixation
- Invalid Character Encoding
- File Uploads
- Password Hashing
- Magic Quotes and Register Globals
- Cryptography Mistakes
There will be opportunities throughout the talk to ask questions, and links to more information about each topic will be provided. You’re sure to walk away from this meetup better informed about PHP security!
Signup now before it fills up!
-
-
Will Bond
I posted the slides from last night at http://wbond.net/security/
. Thank you for attending and for the great feedback!Posted March 25, 2010 at 4:59 PM
70 attended
-
Michael BourqueEvent HostOrganizer, OrganizerWill Bond did a great job covering what you need to know about security. It's too easy to fall into a pattern of writing code that is vulnerable to attack. Will gave some great examples, and best practices. He said it was his first time public speaking - you would never know it. He was well prepared and polished, took the time to answer questions, and he finished right on time. Well done!
-
-
-
Jen StricklandFriend of Boston PHPWill is a knowledgeable speaker, handles questions well. The tech there made it difficult to hear him a lot of the time. I wanted a microphone on him.
-
Bobby CahillCo-OrganizerFilled in some of the gaps in my security knowledge. Learned about a few types of malicious attack methods I was unclear about or never even heard of. Will did an excellent job keeping the presentation concise and generalized. The presentation ran a little long but only because there are so many important topics to cover in a "learn what you need to learn" type of presentation about security. I look forward to seeing the slideshow posted online so I can use it as a reference.
-
Rick HellerLong time memberThis was the best meetup I've been to. The speaker's organization was excellent (that has not always been the case at prioir meetups) The information was to the point and extremely useful.
-
P T WithingtonVery nice overview. Covered a lot of ground in a short period of time -- showing us all where we need to to homework.
-
Adam FisherWill did a great job taking a huge topic and distilling it down to the essentials and then explaining it to the audience in a way that made it practical and useful.
-
Dr. David K. PattersonA good presentation on an important area. Bring much together to reinforce what shpuld and needs to be done during development. A followup on scurity validation and remediation would be useful, including security penetration tools.
-
Nan HarbisonLongtime memberIt was just the right amount of information and at the right level. It was so helpful for those of us who are self-taught and missed stuff like this. It was perfect !
-
Boz HoganWebmasterPHP Security is a boring subject, but necessary for any serious PHP programmer. Most presentations on this subject will put you to sleep. Will Bond new his stuff and presented the material well, and professionally handled disruptions due to the venue that would have rattled many speakers. No one was asleep at the end.
-
Jim O'NeilContent was right on topic, extremely useful, and it's clear Will knows his stuff. The information was invaluable, but it's a lot to absorb in a short period. There were a lot of potential threats and I left feeling very worried :) but not quite sure what I needed to do to to protect my code. I feel in this case less would have been more. Spend more time on the most common attack vectors, for instance, describe them, demonstrate them, then address them. I would have left feeling more empowered if I'd have completely understood the five most common or dangerous scenarios and remedies against them, than I do at the moment knowing there's a LOT of scary stuff out there and wanting to disconnect all my machines from the network :)
-
Raymond PlanteFriend of Boston PHPExcellent overview of the major buckets for common php security risk. Fairly digestible for non-security gurus.
-
Karl DebisschopFriend of Boston PHPTopic was good, discussion was somewhat informative. Speaker, however was dry and somewhat disorganized. His slides were much better than his delivery, and even they had several typos (My apologies to the speaker, whose volunteer time I really appreciate. I'm hoping that if you read this you'll take it as constructive criticism) The facility was sharing the evening with an event on the floor above, which at times amde the presentation inaudible.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Other nearbyMeetups
Why these groups?
x
The Meetup Groups shown here are topically similar to Boston PHP.
Groups are more likely to be displayed here if they:
- have a Meetup scheduled
- have a high rating
- have a group photo
- are "public" and not "private"
- have shown they are likely to stick around (older than 30 days)
-
-
515 Sparks
-
-
-
-
288 Technology Enthusiasts
near Boston
The RSVP is closed due to space limitations. If you really want to attend, please send me an email.