Crash Course Security
Stefan Esser (Jun 11, 2009)
at Dutch PHP Conference 2009 (English - US)
This workshop is meant for PHP programmers who know the basics of PHP but have little or no insight into the security problems they have to deal with when developing web applications. During the workshop the most important subjects of web application security will be introduced, which are:
* Input filtering
* Cross Site Scripting (XSS)
* Cross Site Request Forgery (CSRF)
* SQL Injection
* Session Management
* PHP Code Inclusion and Evaluation
Every subject will be introduced from the attacker's and the programmer's point of view, because for an effective defense it is vital to understand the tricks of the offense.
Quicklink: http://joind.in/601
Jun 11, 2009, 14:41 by relaxnow
Only saw a quarter of this tutorial (after morning coffee break and before lunch).
Talk mentioned all of the important security issues out there right now and how to fix them.
Unfortunately it was a talk aimed at beginners in the field of WebAppSec and I was hoping for more advanced topics (my fault, it's a 'Crash Course').
Good talk!