SlideShare a Scribd company logo

Php Security Workshop

Aung Khant
Aung Khant
Economy & FinanceTechnology
1 of 39
Download to read offline
PHP Chris Shiflett Security Brain Bulb The PHP Consultancy Workshop chris@brainbulb.com
Who Am I? (Why Listen to Me?) Author of PHP Security (O'Reilly) and HTTP Developer's Handbook (Sams) Author of Security Corner (php|architect) and Guru Speak (PHP Magazine) Founder of PHP Security Consortium Member of Zend Advisory Board and an author of the Zend PHP Certification Founder and President of Brain Bulb, The PHP Consultancy
Talk Outline Introduction Security Principles Two Best Programming Practices Characteristics of a Secure Design Common PHP Vulnerabilities PHP Security Audit HOWTO (abridged) More Information Questions and Answers
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop
Php Security Workshop

Recommended

Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Jerry Ocampo
 
Knolx j query-form-validation-slides
Knolx j query-form-validation-slidesKnolx j query-form-validation-slides
Knolx j query-form-validation-slidesKnoldus Inc.
 
Bring a Web Page Alive with jQuery
Bring a Web Page Alive with jQueryBring a Web Page Alive with jQuery
Bring a Web Page Alive with jQueryLearnNowOnline
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriartewebhostingguy
 
Web Security
Web SecurityWeb Security
Web SecurityRene Churchill
 
HTML validation, microformats, jQuery
HTML validation, microformats, jQueryHTML validation, microformats, jQuery
HTML validation, microformats, jQueryJeffrey Barke
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010Aditya K Sood
 
Accessible dynamic forms
Accessible dynamic formsAccessible dynamic forms
Accessible dynamic formsDylan Barrell
 

Recommended

Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Jerry Ocampo
 
Knolx j query-form-validation-slides
Knolx j query-form-validation-slidesKnolx j query-form-validation-slides
Knolx j query-form-validation-slidesKnoldus Inc.
 
Bring a Web Page Alive with jQuery
Bring a Web Page Alive with jQueryBring a Web Page Alive with jQuery
Bring a Web Page Alive with jQueryLearnNowOnline
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriartewebhostingguy
 
Web Security
Web SecurityWeb Security
Web SecurityRene Churchill
 
HTML validation, microformats, jQuery
HTML validation, microformats, jQueryHTML validation, microformats, jQuery
HTML validation, microformats, jQueryJeffrey Barke
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010Aditya K Sood
 
Accessible dynamic forms
Accessible dynamic formsAccessible dynamic forms
Accessible dynamic formsDylan Barrell
 
jQuery
jQueryjQuery
jQueryJulie Iskander
 
CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuerypsophy
 
SydPHP Security in PHP
SydPHP Security in PHPSydPHP Security in PHP
SydPHP Security in PHPAllan Shone
 
Php, mysq lpart4(processing html form)
Php, mysq lpart4(processing html form)Php, mysq lpart4(processing html form)
Php, mysq lpart4(processing html form)Subhasis Nayak
 
RedHat-System Administration I - RH124
RedHat-System Administration I - RH124RedHat-System Administration I - RH124
RedHat-System Administration I - RH124Nikola Tokić
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantJoe Ferguson
 
ClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveDan York
 
Cinematic UX Design
Cinematic UX DesignCinematic UX Design
Cinematic UX DesignDave Kelleher
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesPostgreSQL Experts, Inc.
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerMatthew Buchanan
 
A brief look inside UML
A brief look inside UMLA brief look inside UML
A brief look inside UMLYoan-Alexander Grigorov
 
Using unicode with php
Using unicode with phpUsing unicode with php
Using unicode with phpElizabeth Smith
 
Cross platform php
Cross platform phpCross platform php
Cross platform phpElizabeth Smith
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingInformation Technology
 
OWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareOWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareAditya K Sood
 
UpsilonPiEpsilon-UniversityOfBridgeport-May1997
UpsilonPiEpsilon-UniversityOfBridgeport-May1997UpsilonPiEpsilon-UniversityOfBridgeport-May1997
UpsilonPiEpsilon-UniversityOfBridgeport-May1997Muthuselvam RS
 
PHP Security Tips
PHP Security TipsPHP Security Tips
PHP Security TipsChris Tankersley
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
T3DD12 Security Workshop
T3DD12 Security WorkshopT3DD12 Security Workshop
T3DD12 Security WorkshopHelmut Hummel
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutDevSecCon
 
Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Balaji Rajasekaran
 

More Related Content

Viewers also liked

CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuerypsophy
 
SydPHP Security in PHP
SydPHP Security in PHPSydPHP Security in PHP
SydPHP Security in PHPAllan Shone
 
Php, mysq lpart4(processing html form)
Php, mysq lpart4(processing html form)Php, mysq lpart4(processing html form)
Php, mysq lpart4(processing html form)Subhasis Nayak
 
RedHat-System Administration I - RH124
RedHat-System Administration I - RH124RedHat-System Administration I - RH124
RedHat-System Administration I - RH124Nikola Tokić
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantJoe Ferguson
 
ClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveDan York
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesPostgreSQL Experts, Inc.
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerMatthew Buchanan
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingInformation Technology
 
OWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareOWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareAditya K Sood
 
UpsilonPiEpsilon-UniversityOfBridgeport-May1997
UpsilonPiEpsilon-UniversityOfBridgeport-May1997UpsilonPiEpsilon-UniversityOfBridgeport-May1997
UpsilonPiEpsilon-UniversityOfBridgeport-May1997Muthuselvam RS
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 

Viewers also liked (19)

jQuery
jQueryjQuery
jQuery
 
CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuery
 
SydPHP Security in PHP
SydPHP Security in PHPSydPHP Security in PHP
SydPHP Security in PHP
 
Php, mysq lpart4(processing html form)
Php, mysq lpart4(processing html form)Php, mysq lpart4(processing html form)
Php, mysq lpart4(processing html form)
 
RedHat-System Administration I - RH124
RedHat-System Administration I - RH124RedHat-System Administration I - RH124
RedHat-System Administration I - RH124
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with Vagrant
 
ClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin SteveClueCon2009: The Security Saga of SysAdmin Steve
ClueCon2009: The Security Saga of SysAdmin Steve
 
Cinematic UX Design
Cinematic UX DesignCinematic UX Design
Cinematic UX Design
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languages
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery Primer
 
A brief look inside UML
A brief look inside UMLA brief look inside UML
A brief look inside UML
 
Using unicode with php
Using unicode with phpUsing unicode with php
Using unicode with php
 
Cross platform php
Cross platform phpCross platform php
Cross platform php
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load Balancing
 
OWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web MalwareOWASP AppSec USA 2011 - Dismantling Web Malware
OWASP AppSec USA 2011 - Dismantling Web Malware
 
UpsilonPiEpsilon-UniversityOfBridgeport-May1997
UpsilonPiEpsilon-UniversityOfBridgeport-May1997UpsilonPiEpsilon-UniversityOfBridgeport-May1997
UpsilonPiEpsilon-UniversityOfBridgeport-May1997
 
PHP Security Tips
PHP Security TipsPHP Security Tips
PHP Security Tips
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
 

Similar to Php Security Workshop

T3DD12 Security Workshop
T3DD12 Security WorkshopT3DD12 Security Workshop
T3DD12 Security WorkshopHelmut Hummel
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutDevSecCon
 
Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Balaji Rajasekaran
 
Host-based Security
Host-based SecurityHost-based Security
Host-based Securitysecdevmel
 
Host-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
Host-based Security, by Dmitry Khlebnikov @ Secure Development MelbourneHost-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
Host-based Security, by Dmitry Khlebnikov @ Secure Development MelbourneAlec Sloman
 
Securing Applications
Securing ApplicationsSecuring Applications
Securing ApplicationsMark Harrison
 
Safety Talks Database
Safety Talks DatabaseSafety Talks Database
Safety Talks Databasebestsoul
 
Safety Talks Database Project
Safety Talks Database ProjectSafety Talks Database Project
Safety Talks Database Projectahmedapm
 
Girl Geek X Indeed Talks (January 18, 2018)
Girl Geek X Indeed Talks (January 18, 2018)Girl Geek X Indeed Talks (January 18, 2018)
Girl Geek X Indeed Talks (January 18, 2018)Angie Chang
 
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...iotcloudserve_tein
 
Developing a Threat Modeling Mindset
Developing a Threat Modeling MindsetDeveloping a Threat Modeling Mindset
Developing a Threat Modeling MindsetRobert Hurlbut
 
DevSecOps with Microsoft Tech
DevSecOps with Microsoft TechDevSecOps with Microsoft Tech
DevSecOps with Microsoft TechDarin Morris
 
Service-Oriented Security Engineering
Service-Oriented Security EngineeringService-Oriented Security Engineering
Service-Oriented Security EngineeringRichard Veryard
 
DevOps and the Future of InfoSec
DevOps and the Future of InfoSecDevOps and the Future of InfoSec
DevOps and the Future of InfoSecDarin Morris
 
Introducing TDD to your project
Introducing TDD to your projectIntroducing TDD to your project
Introducing TDD to your projectBastian Feder
 
PHP & The secure development lifecycle
PHP & The secure development lifecyclePHP & The secure development lifecycle
PHP & The secure development lifecycleguestaaf017
 
The Teams Behind DevSecOps
The Teams Behind DevSecOps The Teams Behind DevSecOps
The Teams Behind DevSecOps Uleska
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief exampleJeremy Kendall
 
Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1FRSecure
 
How To Move Mountains - ToorCon 2017
How To Move Mountains - ToorCon 2017How To Move Mountains - ToorCon 2017
How To Move Mountains - ToorCon 2017Aaron Hnatiw
 

Similar to Php Security Workshop (20)

T3DD12 Security Workshop
T3DD12 Security WorkshopT3DD12 Security Workshop
T3DD12 Security Workshop
 
Threat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert HurlbutThreat Modeling workshop by Robert Hurlbut
Threat Modeling workshop by Robert Hurlbut
 
Cybersecurity career options & Getting started
Cybersecurity career options & Getting started Cybersecurity career options & Getting started
Cybersecurity career options & Getting started
 
Host-based Security
Host-based SecurityHost-based Security
Host-based Security
 
Host-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
Host-based Security, by Dmitry Khlebnikov @ Secure Development MelbourneHost-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
Host-based Security, by Dmitry Khlebnikov @ Secure Development Melbourne
 
Securing Applications
Securing ApplicationsSecuring Applications
Securing Applications
 
Safety Talks Database
Safety Talks DatabaseSafety Talks Database
Safety Talks Database
 
Safety Talks Database Project
Safety Talks Database ProjectSafety Talks Database Project
Safety Talks Database Project
 
Girl Geek X Indeed Talks (January 18, 2018)
Girl Geek X Indeed Talks (January 18, 2018)Girl Geek X Indeed Talks (January 18, 2018)
Girl Geek X Indeed Talks (January 18, 2018)
 
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
Introduction to DevOps and DevOpsSec with Secure Design by Prof.Krerk (Chulal...
 
Developing a Threat Modeling Mindset
Developing a Threat Modeling MindsetDeveloping a Threat Modeling Mindset
Developing a Threat Modeling Mindset
 
DevSecOps with Microsoft Tech
DevSecOps with Microsoft TechDevSecOps with Microsoft Tech
DevSecOps with Microsoft Tech
 
Service-Oriented Security Engineering
Service-Oriented Security EngineeringService-Oriented Security Engineering
Service-Oriented Security Engineering
 
DevOps and the Future of InfoSec
DevOps and the Future of InfoSecDevOps and the Future of InfoSec
DevOps and the Future of InfoSec
 
Introducing TDD to your project
Introducing TDD to your projectIntroducing TDD to your project
Introducing TDD to your project
 
PHP & The secure development lifecycle
PHP & The secure development lifecyclePHP & The secure development lifecycle
PHP & The secure development lifecycle
 
The Teams Behind DevSecOps
The Teams Behind DevSecOps The Teams Behind DevSecOps
The Teams Behind DevSecOps
 
Tdd in php a brief example
Tdd in php a brief exampleTdd in php a brief example
Tdd in php a brief example
 
Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1Slide Deck - CISSP Mentor Program Class Session 1
Slide Deck - CISSP Mentor Program Class Session 1
 
How To Move Mountains - ToorCon 2017
How To Move Mountains - ToorCon 2017How To Move Mountains - ToorCon 2017
How To Move Mountains - ToorCon 2017
 

More from Aung Khant

Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server IbmAung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design PatternsAung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code ReviewAung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering ExecutiveAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web ServersAung Khant
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web AppAung Khant
 
Session Fixation
Session FixationSession Fixation
Session FixationAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White PaperAung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementAung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege EscalationAung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApacheAung Khant
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web AppAung Khant
 

More from Aung Khant (20)

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
 
Session Fixation
Session FixationSession Fixation
Session Fixation
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Shah Web20
S Shah Web20S Shah Web20
S Shah Web20
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web App
 

Recently uploaded

Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Adnet Communications
 
FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdf
FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdfFOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdf
FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdfCocity Enterprises
 
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Call Girls Mumbai
 
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...batoole333
 
FE Credit and SMBC Acquisition Case Studies
FE Credit and SMBC Acquisition Case StudiesFE Credit and SMBC Acquisition Case Studies
FE Credit and SMBC Acquisition Case StudiesNghiaPham100
 
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsMahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsDeepika Singh
 
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...batoole333
 
Q1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdfQ1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdfAdnet Communications
 
uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...
uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...
uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...batoole333
 
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdfMASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdfCocity Enterprises
 
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...globusfinanza
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesFalcon Invoice Discounting
 
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...Health
 
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetSareena Khatun
 
+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...
+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...
+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...Health
 
cost-volume-profit analysis.ppt(managerial accounting).pptx
cost-volume-profit analysis.ppt(managerial accounting).pptxcost-volume-profit analysis.ppt(managerial accounting).pptx
cost-volume-profit analysis.ppt(managerial accounting).pptxazadalisthp2020i
 
Technology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechnology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechFinland
 
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...janibaber266
 
Webinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumWebinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumFinTech Belgium
 

Recently uploaded (20)

Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024
 
FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdf
FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdfFOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdf
FOREX FUNDAMENTALS: A BEGINNER'S GUIDE.pdf
 
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
Bhubaneswar🌹Ravi Tailkes ❤CALL GIRLS 9777949614 💟 CALL GIRLS IN bhubaneswar ...
 
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
Famous Kala Jadu, Black magic expert in Faisalabad and Kala ilam specialist i...
 
FE Credit and SMBC Acquisition Case Studies
FE Credit and SMBC Acquisition Case StudiesFE Credit and SMBC Acquisition Case Studies
FE Credit and SMBC Acquisition Case Studies
 
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot GirlsMahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
Mahendragarh Escorts 🥰 8617370543 Call Girls Offer VIP Hot Girls
 
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
Black magic specialist in Canada (Kala ilam specialist in UK) Bangali Amil ba...
 
Q1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdfQ1 2024 Conference Call Presentation vF.pdf
Q1 2024 Conference Call Presentation vF.pdf
 
uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...
uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...
uk-no 1 kala ilam expert specialist in uk and qatar kala ilam expert speciali...
 
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdfMASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
MASTERING FOREX: STRATEGIES FOR SUCCESS.pdf
 
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
Avoidable Errors in Payroll Compliance for Payroll Services Providers - Globu...
 
falcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunitiesfalcon-invoice-discounting-unlocking-prime-investment-opportunities
falcon-invoice-discounting-unlocking-prime-investment-opportunities
 
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
+97470301568>>buy weed in qatar,buy thc oil in qatar doha>>buy cannabis oil i...
 
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budgetCall Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
Call Girls Howrah ( 8250092165 ) Cheap rates call girls | Get low budget
 
W.D. Gann Theory Complete Information.pdf
W.D. Gann Theory Complete Information.pdfW.D. Gann Theory Complete Information.pdf
W.D. Gann Theory Complete Information.pdf
 
+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...
+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...
+971565801893>>SAFE ORIGINAL ABORTION PILLS FOR SALE IN DUBAI,RAK CITY,ABUDHA...
 
cost-volume-profit analysis.ppt(managerial accounting).pptx
cost-volume-profit analysis.ppt(managerial accounting).pptxcost-volume-profit analysis.ppt(managerial accounting).pptx
cost-volume-profit analysis.ppt(managerial accounting).pptx
 
Technology industry / Finnish economic outlook
Technology industry / Finnish economic outlookTechnology industry / Finnish economic outlook
Technology industry / Finnish economic outlook
 
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
Famous No1 Amil Baba Love marriage Astrologer Specialist Expert In Pakistan a...
 
Webinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech BelgiumWebinar on E-Invoicing for Fintech Belgium
Webinar on E-Invoicing for Fintech Belgium
 

Php Security Workshop

  • 1. PHP Chris Shiflett Security Brain Bulb The PHP Consultancy Workshop chris@brainbulb.com
  • 2. Who Am I? (Why Listen to Me?) Author of PHP Security (O'Reilly) and HTTP Developer's Handbook (Sams) Author of Security Corner (php|architect) and Guru Speak (PHP Magazine) Founder of PHP Security Consortium Member of Zend Advisory Board and an author of the Zend PHP Certification Founder and President of Brain Bulb, The PHP Consultancy
  • 3. Talk Outline Introduction Security Principles Two Best Programming Practices Characteristics of a Secure Design Common PHP Vulnerabilities PHP Security Audit HOWTO (abridged) More Information Questions and Answers