Thu, 21 Jul 2005 21:27 UTC
From the introduction:
“This year has seen an increased focus on PHP security, and this is good for the language, developers, and business community. One phrase that comes to mind when discussing secure coding practices is Chris Shiflett’s mantra of ‘filter input, escape output.’ While we know what this means in a general sense, practical examples elude us. Ben Ramsey provides part one of his input filtering series, chock full of code examples.”
Tags: articles, filter-input, php, php-architect, security, tips-and-tricks
Wed, 20 Jul 2005 21:20 UTC
From the introduction:
“Has your blog (or that of a friend) been inundated with comment spam? Columnist Ben Ramsey brings back the Tips & Tricks column with an overview of ways to prevent this annoying side-effect of running a publicly-commentable website.”
Tags: articles, captcha, php, php-architect, tips-and-tricks
Wed, 6 Jul 2005 21:14 UTC
Tomorrow marks Atlanta PHP’s fourth consecutive, regular meeting at New Horizons in Tucker, GA. Originally, Matt Kern was slated to present a talk on Ajax, but he is now gearing up to move to Oregon, so he is not able to prepare his presentation. Thus, I have taken up the reins again, and I will be presenting a talk that I’m preparing for some of the fall conferences (in the event that my proposals are selected).
The talk I’m presenting was actually inspired by several questions asked during my presentation at the last Atlanta PHP meeting, in which I briefly covered cross-site scripting (XSS) and cross-site request forgeries (CSRF) but went on to describe server configuration instead of a more in-depth discussion on XSS and CSRF. This talk goes into more detail where the other left off and approaches these attacks from the application (code) level.
XSS and CSRF: Programmers Prepare, Users Beware
Cross-site scripting (XSS) and cross-site request forgeries (CSRF) are often confused as being one and the same, but this misconception can lead to disastrous results. In this talk, you will encounter each of these attacks through examples and learn to distinguish between them. You will also examine secure coding practices and techniques for prevention.
So, if you’re in the Atlanta area tomorrow, come on out and join Atlanta PHP at 7:00 PM EDT at New Horizons in Tucker.
Looking forward, our August and September meetings are already shaping up and the topics are very promising. We’ll discuss what’s in the forecast at our meeting tomorrow.
Tags: atlphp, csrf, php, security, talks, xss