Crash Course Security

Stefan Esser (11.Jun.2009 at 02:00)
Talk at Dutch PHP Conference 2009 (English - US)

Rating: 4 of 5

This workshop is meant for PHP programmers who know the basics of PHP but have little or no insight into the security problems they have to deal with when developing web applications. During the workshop the most important subjects of web application security will be introduced, which are:

* Input filtering
* Cross Site Scripting (XSS)
* Cross Site Request Forgery (CSRF)
* SQL Injection
* Session Management
* PHP Code Inclusion and Evaluation

Every subject will be introduced from the attacker's and the programmer's point of view, because for an effective defense it is vital to understand the tricks of the offense.
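The attacker's-view-then-programmer's-view approach the abstract describes, shown for one of the listed subjects (SQL injection) as an added example that is not from the talk or its slides. It assumes PHP with the PDO SQLite driver available, and uses a constructed in-memory database so it runs offline; the table names, rows and function names are illustrative.

```php
<?php
// Added example, not code from the talk. Requires PHP with pdo_sqlite.
// Constructed sample schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pwhash TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99)");
$db->exec("INSERT INTO users VALUES (1, 'admin', 'sha256:0123abcd')");

// Programmer's mistake: untrusted input concatenated into the SQL string,
// so the input can change the structure of the query, not just a value.
function findProductVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT name, price FROM products WHERE id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Programmer's fix: a prepared statement. The query structure is fixed
// before the input is seen; the input is bound as data only.
function findProductSafe(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name, price FROM products WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Attacker's view: a UNION SELECT payload. It must match the column
// count of the original SELECT (two columns here) and then appends rows
// from a table the original query never intended to expose.
$payload = '1 UNION SELECT login, pwhash FROM users';

// Vulnerable version: returns the widget row followed by the admin
// login and password hash from the users table.
print_r(findProductVulnerable($db, $payload));

// Hardened version: the whole payload is compared against the integer
// id column as one string value, matches nothing, and returns an
// empty array.
print_r(findProductSafe($db, $payload));
```

The payload's column count is the part an attacker has to get right; with a mismatched count the database reports an error, which is itself a signal used to discover the query's shape. Binding the value also does not stop a caller from passing junk, so validating the id as an integer before the query (for example with `filter_var($id, FILTER_VALIDATE_INT)`) is a sensible second layer on top of the prepared statement.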

Comments

Rating: 4 of 5

11.Jun.2009 at 14:41 by Boy Baukema

Only saw a quarter of this tutorial (after morning coffee break and before lunch).
Talk mentioned all of the important security issues out there right now and how to fix them.
Unfortunately it was a talk aimed at beginners in the field of WebAppSec and I was hoping for more advanced topics (my fault, it's a 'Crash Course').
Good talk!

Rating: 5 of 5

12.Jun.2009 at 10:08 by Ian Barber

Covered pretty much all the basics of web app security, with some nice snippets of more unusual stuff - which was exactly what it was billed as. Very knowledgeable speaker, there were quite a few examples of types of exploits, but maybe could have been something included on the more general process of testing the security of your web apps.

Rating: 3 of 5

13.Jun.2009 at 08:02 by Jacob Christiansen

Good tutorial. Covered all the basics. If he had put in a bit more examples and maybe some advanced stuff it would have been perfect.

Rating: 4 of 5

14.Jun.2009 at 11:17 by Russell Flynn

This was advertised as a "crash course" so I was expecting to hear a lot of things I had heard before, whilst keeping my fingers crossed for something new.

I found the parts about UTF-7 and character encoding particularly interesting, along with the union selects (sql injection).

Whilst Stefan didn't come across as an excited or enthusiastic speaker (maybe because of issues on the day) it is very clear that he knows his stuff and it's nice to come away with an "expert" view on the way certain strategies should be implemented.

In my opinion, the "crash course" aspect of security could be left for the standard sessions (one hour talk) and this kind of tutorial day would be better used as an intermediate to advanced session, skipping or skimming over the basics and going straight to the juicy stuff. [My rating won't reflect that comment because the title was clear enough]

© Joind.in 2012