Secure Programming with the Zend Framework

Stefan Esser (12.Jun.2009 at 02:00)
Talk at Dutch PHP Conference 2009 (English - US)

Rating: 4 of 5

The idea of this talk is to go through the classes of vulnerabilities and security problems that you usually need to take care of yourself, and to look at the Zend Framework to check what internal protections ZF offers, how they are used, and what problems you still need to solve on your own.

Comments closed.

Comments

Rating: 4 of 5

12.Jun.2009 at 14:07 by Harro van der Klauw

Some comments on the talk were a bit towards the obvious, but the part about how to set up Zend_Session was nice.

I was, however, wondering about the code example where the session was started, the exception caught and the session restarted. I think this can't be done: once destroy is called on a session, a flag is set that prevents it from being started again.

Rating: 3 of 5

12.Jun.2009 at 19:18 by Mark van der Velden

The talk was fairly low/mid level but had some nice reminders; the sessions part was a good addition.

Rating: 4 of 5

13.Jun.2009 at 13:10 by Walter Hop

I don't use the ZF app framework myself, but checked this presentation to see if there are some nice ideas to use. And there were, amongst which the auto-generated CSRF token in the form generator.

Actually a small question/side discussion gave me a good idea for auto-encoding strings in my own front-end framework.

So this was a nice update and pretty inspirational.

Rating: 4 of 5

13.Jun.2009 at 22:09 by Tom Van Herreweghe

I use ZF on a daily basis, and I was curious to see if and how I could improve my security. I was very surprised to see that I already use a lot of the suggested improvements. I liked the info on Zend_Session, and the Hash element to prevent CSRF. Quite obvious, the latter one, but so much forgotten...

Rating: 5 of 5

15.Jun.2009 at 18:33 by Rick Walker

Very interesting talk. I use ZF every day also and it was also reassuring to see that I am already doing (mostly) the things highlighted by Stefan here.

Was particularly interested in the CSRF examples.

Rating: 3 of 5

15.Jun.2009 at 22:34 by Jelle-Jan van Veelen

Most of the things you talked about should be common knowledge to each web developer. For the people that did not know all the pitfalls: excellent talk. For the ones that did: mostly a good refresher.
