November 25th, 2008
What would another November meeting be without cliche turkey jokes? Security isn't just gravy for web developers, but trying to understand all the latest buzzwords will make you feel like you're running around without a head. This month, New York PHP Managing Member Hans Zaunere provides a cornucopia of best practices and simple security fundamentals that will prevent you from being the turkey. This talk was originally given at OWASP's AppSec Conference. Join NYPHP and get the buckshot you need to knock the stuffing out of that wily script kiddie.
Anyone involved in web application development over the last five years should be aware of the security ecosystem surrounding PHP. Often overhyped, sometimes dramatic, and always interesting, the topics of PHP and security are usually linked at the hip, and a favorite comedy topic for those involved with other languages.
While PHP has made some security mistakes in the past, the focus of criticism is often misguided. The applicable codebase for the security notices - whether it be the PHP core, an extension, or an application - is forgotten and PHP as a whole gets one more strike.
PHP also provides great power and flexibility. But with it comes great responsibility. As with any application living on the internet, it's the entire support staff's responsibility - architect, developer, and administrator - to ensure an application meets the organization's security requirements.
In this talk, Hans Zaunere, Managing Member, New York PHP, provides tips, tricks, and fundamental best practices from the trenches for ensuring your code and LAMP deployment aren't caught off guard. He'll then review the PHP security ecosystem and available resources, debunk myths, and reveal some surprising facts that could leave you thinking PHP is one of the most secure languages available today.
Thank you to IBM for providing a great presentation space in Midtown Manhattan. As a service to our community, New York PHP Community meetings are always free and open to the public.