Chris Shiflett, Principal, OmniTI Computer Consulting, Inc.
Track: Security
Date: Thursday, July 29
Time: 2:35pm - 3:20pm
Location: Mt. Hood
PHP is quickly becoming the world's most popular programming language for creating web applications. As more and more applications are being built for the Web, security is becoming a crucial topic. One of the best methods you can use to educate yourself about PHP security is to study the various types of attacks that you must defend against.
This talk introduces two of the most common types of attacks that current web developers face, Cross-Site Scripting (XSS) and Cross-Site Request Forgeries (CSRF). Because XSS involves exploiting the trust granted to a particular web site and CSRF involves exploiting the trust granted to a particular user, these two example attacks will help demonstrate a wide variety of application-based attacks.
By using examples that illustrate exactly how these types of attacks are accomplished, Shiflett shows simple and effective techniques that you can use to help prevent such vulnerabilities in your own PHP applications.