Chris Shiflett, OmniTI Computer Consulting, Inc.
Date: Thursday, July 10
Time: 2:30pm - 3:15pm
Location: Salon D
PHP is quickly becoming the world's most popular programming language for
creating web applications. As more and more applications are being built for
the Web, application security is becoming a crucial topic. One of the best
methods you can use to educate yourself about web application security is to
study the various types of attacks that you must defend against.
Shiflett's session introduces two common types of attacks that current Web developers
face, Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF).
Because XSS involves exploiting the trust granted to a particular Web site and
CSRF involves exploiting the trust granted to a particular user, these attacks
represent a wide range of application-based attacks.
By using examples that illustrate exactly how these types of attacks are
achieved, you are shown simple and effective techniques that you can use to
help prevent similar vulnerabilities in your own PHP applications.