
Writing Secure Web Applications with Chris Cornutt

Live Stream: http://sfphp.org/live

Overview

Being secure on the web is getting harder: attacks are happening more and more, and we, as web app developers, have to respond. The session will share tips you can follow in your code to keep your app safe, along with tips to help improve investigation and prevent your app from becoming the next statistic.

About Chris Cornutt

For the last 10+ years, Chris has been involved in the PHP community in one way or another. These days he's the Senior Editor of PHPDeveloper.org and curator of @phpquickfix, @jsquickfix and @websecquickfix. He's written for several PHP publications and has spoken at conferences in both the U.S. and Europe and publishes security articles on his site Websec.io. He's also an organizer of the Dallas PHP User Group and the Lone Star PHP Conference.

Agenda

6:30pm - Arrive to meet, greet, and eat

7:00pm - Presentation begins

Hosted By Mashery

Start building better applications now, with your choice of more than 50 RESTful APIs accessible from a single Mashery ID: http://developer.mashery.com/apis. You can navigate RESTful APIs including ESPN, Klout, Rdio, Rotten Tomatoes, TomTom, Hotwire, and USA TODAY using our API Explorer: http://developer.mashery.com/iodocs, plus get started fast using our collection of mobile sample apps from our Mashery GitHub page: http://mashery.github.com



  • Thomas R.

    I recommend that anyone get these 2 tools and learn about packets: Wireshark and Charles. These are fantastic tools, and I have used them not only to check security, but also for understanding how my content is coming down the pipe, especially when you have to consider streaming content.
    http://www.wireshark.org/
    http://www.charlesproxy.com/

    August 23, 2013

    • Jacob M.

      +1 for Charles, saves my behind on those instances when I need it.

      August 23, 2013

  • Thomas R.

    @Kenoli, The point is not just the scripts, it's the system infrastructure. Business logic alone isn't going to save the day. A hacker doesn't just rely on weaknesses in code, they rely upon the ability to intrude through holes in the box. They look for laziness in set-up. Most hackers are not that adept where they go full bore and know to attack at the lower level, meaning they read 0's and 1's and know how to tear apart a TCP packet and make even the network admin cringe. It's actually very disturbing if you knew exactly how much damage could be done and how easy it is to do given the 'tools' and the motivation to do it. Most hackers have the 'tools' and know specific patterns in code to look for. And that is one of the keys to thwarting their success: don't give them the pattern they are looking for. Make it so hard for them that it pisses them off.

    August 23, 2013

  • Thomas R.

    As a kickoff to introducing the concepts of securing web applications and writing them, Chris brought the more critical points to light: developer education and awareness. This isn't limited to writing code in PHP, and all developers... or more bluntly, development teams need to know and understand the tools and the coding practices that will make their projects a better ride and a better product when shipped.

    What I would really like to see is a live lab demo of the topics covered, where the developer can see first hand how things work and why. It's one thing to chat about the concerns of cross-domain attacks and DoS attacks, but it's a total mind blower when you show the attack simulated and the devastation it causes.

    A hands on approach is an invaluable way to pass on the message and the method.

    August 22, 2013

    • Thomas R.

      That would be total fun-sauce! :)

      August 22, 2013

    • Thomas R.

      Thank you guys for hosting... I had a great time.

      August 22, 2013

  • A former member

    Thanks again to Mashery for hosting the event!

    August 22, 2013

  • A former member

    Lots of good info on making the web safer.

    August 22, 2013

  • Dave E.

    Ask me why after years of working with PHP I switched to node. :D

    August 21, 2013

    • Thomas R.

      Because you drank the corporate Kool-Aid?

      August 22, 2013

  • Thomas R.

    AWESOME

    August 22, 2013

  • Stefan M.

    I liked how Chris stated emphatically: "Use HTTPS - No Excuses!". He suggested using the Respect/Validation package, so when I looked it up I found this article: http://websec.io/2013/04/01/Effective-Validation-with-Respect.html , which happens to be written by Chris himself - how cool is that! The best joke of the night was when Chris said to (of course) avoid using "eval" in your code, and someone replied: "You mean the lesser of two evals", hahaha.

    1 · August 21, 2013

  • Chris C.

    Thanks to everyone for coming out and for giving so much great feedback during and after the presentation :) Had a fun time presenting...

    August 21, 2013

  • Jacob M.

    Just a catch-up for tonight:

    1) There will be streaming (or at least an honest attempt at it) as well as a video available later (provided Chris consents, of course).

    2) There will be pizza, soda, and beer, provided by Mashery

    3) I have added 10 more RSVP spots -- get them while they're HOT! We will have an RSVP list at the door, and if your name is not on the list, you will not be able to get in. Sorry!

    1 · August 21, 2013

  • Mike T.

    The stream url is http://s.sfphp.org/live

    August 21, 2013

  • Chris C.

    If you'd like to follow along (or aren't able to make it tonight) I've posted my slides for tonight's meeting here: https://speakerdeck.com/ccornutt/writing-secure-php-applications-1

    1 · August 21, 2013

  • Tom S.

    Got the email:
    "We are planning to have video of the event (possibly even a live stream, details to come), so you won't miss out!

    Thank you, and I look forward to seeing everyone on Wednesday!

    Jacob Mather"

    Is the streaming/video of event going to happen?

    August 20, 2013

    • Vladimir S.

      Hey Tom are you croat/serb/bosnian?

      August 21, 2013

  • Kestutis I.

    I'm the founder of the biggest PHP developers network in Lithuania, and have spent over 10 years in the PHP world.

    August 19, 2013

  • Shane

    Probably over my head at this point. Need to concentrate on solid code first.

    August 16, 2013

  • Dave E.

    Security is everyone's problem

    1 · August 15, 2013

  • Alan B

    looking forward to the meeting!

    August 14, 2013

  • MJMurillo

    Yay!

    1 · August 8, 2013

Our Sponsors

  • Fictiv

    Organizer Time, Venue, Food, Swag

  • JetBrains

    PHPStorm Licenses and swag

  • Pluralsight

    Subscriptions and swag

  • O'Reilly

    The O'Reilly User Group Program provides the great books we get monthly.
