Speakers
PHP and Open Source Security Conference - June 11th, 2005
We are pleased to announce the keynote presenter of the upcoming PHP and Open Source Security conference, Bruce Perens. The June 11th conference also features talks by Christian Wenz, Chris Shiflett, Tom Robinson, and Chris Hubbard, all of whom will be covering a wide array of topics on security within the PHP and Open Source environment.
Bruce Perens - Keynote Speaker
Topic
Why people who care about security use Open Source, and what we need to do to keep it that way.
Time
10:00am - 11:30am
Abstract
Organizations that care about security, like the United States Department of Defense, use Open Source software. Why? What has Open Source done right so far, and what do we need to do to maintain a high level of security for Open Source software?
More information about Bruce Perens
Christian Wenz - New Trends in Web Hacking
Topic
New Trends in Web Hacking
Time
11:45am - 12:30pm
Abstract
The basic principles of secure web development should be common sense by now, but new or updated attacks require even more caution when implementing a web site. This talk shows these attacks and what to do against them. Among the topics covered, you find Cross Site Scripting (XSS) where you wouldn't expect it and that really hurts, various kinds of blog spamming and all kinds of code injection: XSL, SQL, and others.
More information on Christian Wenz
Chris Shiflett - PHP Security Audit HOWTO
Topic
PHP Security Audit HOWTO
Time
1:30pm - 3:00pm
Abstract
Peer reviews are a frequently neglected asset of professional PHP development teams. With a moderate understanding of how to audit PHP code, you can vastly improve the security of your team's PHP applications.
This talk explains the art of the PHP security audit. Using practical examples, you are shown how to search for common pitfalls, how to identify filtering and escaping errors, and how to report your findings.
More information about Chris Shiflett
Tom Robinson - Web Security: PHP Under Attack
Topic
Web Security: PHP Under Attack
Time
3:15pm - 4:00pm
Abstract
Many PHP developers lay themselves open to trouble by assuming that the web is a benign place where everyone can be trusted. What can you expect when hackers visit your website? We will demonstrate, with "live" examples:
- Identity theft with HTTP authentication, PHP sessions, and defeating MD5.
- The famous phpBB worm of 2004.
- How not to have your PHP forms mailer hijacked by spammers.
- Why HTTPS does not solve everything.
- How PHP Output Control functions can help tighten forms validation.
- PHP source code theft, both browser-based and server-based.
- Avoiding hackers’ crosshairs with “stealth” PHP.
More information on Tom Robinson
Chris Hubbard - Advanced Data Validation with PHP
Topic
Advanced Data Validation with PHP
Time
4:15pm - 5:00pm
Abstract
One of the concerns in development is the need to protect web applications. One of the strategies for protecting a web application is data cleaning and validation. This presentation explores the design and implementation of a data cleaning and validation strategy. We will look at how different classes/frameworks handle validation. We will review the effects different patterns have on the overall structure of a web application. We will look at different regular expressions and their relative effectiveness. Finally, the presentation will provide a set of best practice suggestions/recommendations.
More information about Chris Hubbard
Bruce Perens - Off-the-cuff Open Forum
Topic
Off-the-cuff Open Forum
Time
5:15pm - 6:00pm
Abstract
Shoot the tech with Bruce on all the latest in open source developments such as security, licensing, and what the big boys at HP are up to. This is an unmoderated open forum for anyone and everyone to ask questions and get some inside answers with long-time Open Source strategist Bruce Perens.
More information about Bruce Perens








