PHP Security, Redefined

Presented at AppSec USA 2015, Sept. 25, 2015, 11:30 a.m. (55 minutes)

Let's be honest, PHP has had a rocky history with security. Over the years the language has been highly criticized for it's lack of a focus on security and secure development practices. In more recent years, however, a resurgence has happened in the language and community, bringing secure development back into focus. With PHP 7 on the horizon, the language is making even more strides to improve some of its wayward ways of the past and reinvent itself. I'll share practical code examples, tools, libraries and best practices that are making it easier than ever to keep PHP applications safe.

Come along with me as I guide you through both the language improvements and community encouragement making PHP a more secure place.

Presenters:

• Chris Cornutt - Application Security Engineer - Pardot
  For the last 10+ years, Chris has been involved in the PHP community in one way or another. These days he's the Senior Editor of PHPDeveloper.org, lead author for Websec.io, a site dedicated to teaching developers about security and the Securing PHP ebook series. He's also written for several PHP publications and has spoken at conferences in both the U.S. and Europe on security-related topics. He's also an organizer of the DallasPHP User Group and the Lone Star PHP Conference and works as an application security developer for Pardot, a Salesforce company.

Links:

• https://appsecusa2015.sched.com/event/3U3W/php-security-redefined
• https://infocon.org/cons/OWASP/AppSecUSA 2015/PHP Security, Redefined - Chris Cornutt.mp4

Similar Presentations:

• DerbyCon 2.0 Reunion (2012) / PHP Website Security, Attack Analysis, & Mitigations
• Black Hat USA 2010 / Utilizing Code Reuse/Return Oriented Programming in PHP Web Application Exploits
• 33C3 (2016) / Exploiting PHP7 unserialize: teaching a new dog old tricks