PHP Security
No week passes without internet security in the news, but many embarrassing
public break-ins are related not to browser, web server, or OS
vulnerabilities but to a web application. The same mistakes are made
regularly by many programmers, making it easy for crackers. Like many
things, security is much easier to build in from the start by following good
practices than to try to fix later.
In this talk we will examine programming mistakes, how attackers work, and
what measures can be taken to avoid common traps. Some exploits that are often
talked about but not always understood will be explained and demonstrated. We
will look at SQL injection, Cross Site Scripting (XSS), and session
hijacking.
Keywords: PHP, Security, SQL Injection, Cross Site Scripting, Session Hijacking
Luke Welling
Senior Software Engineer, Hitwise.com
Luke Welling is a Senior Software Engineer at Hitwise.com. He has been using PHP for nearly ten years. PHP and MySQL Web
Development, co-authored with Laura Thomson (Sams 2004), is the best-selling
open source programming book of all time. Luke has previously worked as a programmer for various companies including MySQL AB, run a freelance web development business, and taught computer science and engineering at RMIT University. He is a regular speaker at open source conferences around the world, having given tutorials, sessions, or keynotes at the O'Reilly Open Source Convention, PHPCon, LinuxTag, The MySQL Users' Conference, The International PHP Conference and OSDC.
Ref: OS5P0048


