Talks
International PHP Conference 2006
Filtering Tainted Data: ext/filter vs. Zend_Filter
All input should be considered tainted. The question is: how do we filter it to ensure that the input received is the input expected? This talk will examine the PECL Input Filter extension and the Zend_InputFilter class from the Zend Framework, comparing and contrasting their approaches to filtering input. We’ll consider examples of both techniques and see how they work to ensure that the data we receive is safe to use.
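As an added illustration of the ext/filter side of this comparison (this is example code written for this page, not code from the talk, from the PECL extension, or from the Zend Framework), the snippet below validates a constructed request array with filter_var_array(). The field names, the allowed values, and the sample input are assumptions chosen for the example; the filter constants and function signatures are those of ext/filter itself.

```php
<?php
declare(strict_types=1);

// Whitelist of expected fields. Anything not listed here is discarded by
// filter_var_array(), so unexpected parameters never reach the application.
function request_definition(): array
{
    return [
        'id' => [
            'filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => 1],
        ],
        'page' => [
            'filter'  => FILTER_VALIDATE_INT,
            // 'default' is returned when validation fails (e.g. an out-of-range value).
            'options' => ['min_range' => 1, 'max_range' => 1000, 'default' => 1],
        ],
        'email' => FILTER_VALIDATE_EMAIL,
        'sort' => [
            'filter'  => FILTER_VALIDATE_REGEXP,
            'options' => ['regexp' => '/^(name|date)$/'],
        ],
    ];
}

// Returns the filtered array, or null if any expected field failed validation.
// The third argument (add_empty = false) omits keys that are absent from the
// input instead of setting them to null.
function validate_request(array $input): ?array
{
    $clean = filter_var_array($input, request_definition(), false);
    if ($clean === false || in_array(false, $clean, true)) {
        return null; // at least one field was present but invalid
    }
    return $clean;
}

// Constructed sample input standing in for $_GET (hypothetical values, not captured traffic).
$hostile = [
    'id'    => '42',
    'page'  => '-3',                      // out of range: replaced by the default, 1
    'email' => 'alice@example.com',
    'sort'  => 'name; DROP TABLE users',  // not in the allowed set: false
    'debug' => '1',                       // not expected at all: dropped
];

$benign = [
    'id'    => '42',
    'page'  => '7',
    'email' => 'alice@example.com',
    'sort'  => 'date',
];

var_dump(validate_request($hostile)); // null, because 'sort' validated to false
var_dump(validate_request($benign));  // ['id' => 42, 'page' => 7, 'email' => ..., 'sort' => 'date']
```

Note that FILTER_VALIDATE_INT returns a typed integer on success, so the caller receives a value of the expected type rather than a string that merely looked numeric; rejecting the whole request on any false value is the check that keeps a partially valid request from being processed.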
Download slides [PDF]
Designing & Implementing RESTful Web Services
Representational State Transfer (REST) has become the method of choice for many Web Services wishing to avoid, or provide an alternative to, SOAP and XML-RPC interfaces. This talk will explain the theory of REST and offer an approach to designing a REST service. We’ll look at many existing REST examples and examine a practical implementation of a service using PHP and SimpleXML.
Download slides [PDF]
Zend/PHP Conference & Expo 2006
XML & Web Services with PHP (An Overview)
What is XML? What are Web Services? This talk will answer both of these questions, exploring ways to use the powerful features of PHP 5 to consume and create XML-based Web Services. Topics will include SOAP, XML-RPC, and REST, with real-world examples and an explanation of the differences between and benefits of each.
Download slides [PDF]
Atlanta PHP
XSS and CSRF: Programmers Prepare, Users Beware
7 July 2005
Cross-site scripting (XSS) and cross-site request forgeries (CSRF) are often confused as being one and the same, but this misconception can lead to disastrous results. In this talk, you will encounter each of these attacks through examples and learn to distinguish between them. You will also examine secure coding practices and techniques for prevention.
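The two defenses the distinction leads to, as an added example written for this page rather than code from the talk: output encoding stops XSS (attacker-supplied text is rendered as text, not markup), while a per-session secret checked on every state-changing request stops CSRF (the attacker can make the victim’s browser send a request, but cannot read or guess the token it must carry). The session array, the form, and the two sample POST bodies are constructed for the example.

```php
<?php
declare(strict_types=1);

// XSS defense: encode untrusted data for the HTML context it is placed in.
function e(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// CSRF defense, step 1: one unguessable token per session, created on demand.
function csrf_token(array &$session): string
{
    if (!isset($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// CSRF defense, step 2: a state-changing request must carry the session's token.
// hash_equals() compares in constant time so the check does not leak the token.
function csrf_check(array $session, array $post): bool
{
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Render a comment form; the token travels as a hidden field.
function render_form(array &$session, string $display_name): string
{
    $token = csrf_token($session);
    return '<form method="post" action="/comment">'
        . '<input type="hidden" name="csrf" value="' . e($token) . '">'
        . '<p>Posting as ' . e($display_name) . '</p>'
        . '<textarea name="body"></textarea>'
        . '<button>Post</button></form>';
}

// Constructed session standing in for $_SESSION (not real session data).
$session = [];

// XSS: the name contains script, but after encoding it is inert text.
echo render_form($session, '<script>alert(document.cookie)</script>'), "\n";

// CSRF: a constructed request from the real form carries the right token ...
$legit = ['csrf' => $session['csrf'], 'body' => 'hello'];
var_dump(csrf_check($session, $legit));   // bool(true)

// ... while a request forged from a third-party page cannot supply it.
$forged = ['csrf' => str_repeat('0', 64), 'body' => 'transfer everything'];
var_dump(csrf_check($session, $forged));  // bool(false)
```

Encoding the token when it is written into the form is deliberate: the token is server-generated here, but treating every value the same way is what keeps the XSS rule simple enough to apply without exceptions. The CSRF check belongs on every request that changes state, not only on forms the application rendered itself.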
Download slides [PDF]
Server-side PHP Security
2 June 2005
An extension of my talk at the International PHP Conference in Amsterdam, this talk explores PHP security from the server side and discusses ways to “harden” the Web server to prevent attacks.
Download slides [PDF]
International PHP Conference 2005 Spring Edition
Framing the Frameworks: What Are They and Do I Need One?
PHP-based frameworks proliferate on the Web. Everyone’s created one in some form or another, and many have slapped an OSS license on theirs and are offering it for mass consumption. This talk will discuss frameworks, what they are, and how they can be utilized for rapid application development to save time and money. In addition, several PHP frameworks will be explored and evaluated.
Download slides [PDF]
3, 2, 1 … gone: Web Application Security
No week passes without a new security vulnerability. More often than not, however, it is not a browser, server, or OS that is affected but a web site, and most often the same mistakes are repeated by careless programmers. This talk seeks to change this and covers securing a PHP-enabled website. Part I, presented by Christian Wenz, examines programming mistakes, how attackers work, and what measures can be taken to avoid traps. Part II, presented by Ben Ramsey, examines security from the server side and explores best practices for configuring PHP on the server.
Download slides [PDF]
PHP in a Whole New World: Desktop Applications Built in PHP-GTK
For several years, PHP has dominated the Web, becoming the leading Web scripting language. However, PHP is not only for Web use; it is a general-purpose language that can be used to create desktop applications using the GTK extension. This talk examines some of the more popular applications created using PHP-GTK and provides resources for learning more about creating PHP-GTK applications.
Download slides [PDF]