Session

PHP Security Audit HOWTO
Chris Shiflett, Principal, OmniTI Computer Consulting, Inc.

Track: Open Source
Date: Thursday, 21 September 2006
Time: 11:10 - 11:50
Location: Salon Memling

Peer code reviews are a frequently neglected asset of professional PHP development teams. With a moderate understanding of how to audit PHP code, you can vastly improve the security of your team's PHP applications. This talk explains the art of the PHP security audit. Using practical examples, you are shown how to search for common mistakes, identify filtering and escaping errors, and report your findings.