O'Reilly Open Source Convention

Foiling Cross-Site Attacks
Chris Shiflett, Principal, OmniTI Computer Consulting, Inc.

Track: Security
Date: Thursday, July 29
Time: 2:35pm - 3:20pm
Location: Mt. Hood


PHP is quickly becoming the world's most popular programming language for creating web applications. As more and more applications are being built for the Web, security is becoming a crucial topic. One of the best methods you can use to educate yourself about PHP security is to study the various types of attacks that you must defend against.

This talk introduces two of the most common types of attacks that current web developers face, Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF). Because XSS involves exploiting the trust granted to a particular web site and CSRF involves exploiting the trust granted to a particular user, these two example attacks will help demonstrate a wide variety of application-based attacks.

By using examples that illustrate exactly how these types of attacks are accomplished, Shiflett shows simple and effective techniques that you can use to help prevent such vulnerabilities in your own PHP applications.

© 2004, O'Reilly Media, Inc.