About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


DC PHP Conference Recap

This past Thursday, I attended the DC PHP Conference. Since I was only there for a day, I'm sure I missed a lot, but I did manage to do some of the things on my list.

I attended more talks than usual, including:

Although I didn't see his talk at the conference, Adam Trachtenberg visited OmniTI on Wednesday to give a talk on ext/soap at our weekly developer session.

My talk about PHP Security Testing was just after lunch, and I received a lot of positive feedback. My other talk, The Truth about XSS, was the last talk of the day, and I went over by about 15 minutes. I think this is currently my most interesting talk, and as a testament to this, the room remained packed despite the fact that free beer was available elsewhere. :-) Thanks to everyone who gave up free beer to hear my talk.

I also briefly met David Recordon, one of the guys involved with OpenID. He works at VeriSign, which offers a Personal Identity Provider. This is something Wez has been playing with recently. Hopefully he'll blog about his experiences.

Damien Seguy, who has been tracking PHP 5 adoption statistics for us, mentioned to me that he is gathering statistics from open phpinfo() pages. His statistics reveal that register_globals is enabled on about half of these. (Adam suggested that there is probably a relationship between those who enable register_globals and those who have open phpinfo() pages.) I'm eager to see these statistics published.
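Why a register_globals=On hit on an open phpinfo() page is worth worrying about, as an added example (this code is not from the post, from Damien's survey, or from any OmniTI project; the request arrays, credentials and function names are constructed for illustration). register_globals turns every request parameter into a PHP variable before your script runs, so any variable you test without first initialising it can be seeded by the client. The hardened version works the same whether the directive is on or off.

```php
<?php
// Added example: the register_globals hazard and the fix.
// extract() is used here to simulate what register_globals=On does
// (import request keys as local variables) so the script runs on any
// PHP version, including 5.4+ where the directive no longer exists.

// Vulnerable pattern: $authorized is only assigned on the success path
// and never initialised. With register_globals=On, a request such as
// /admin.php?authorized=1 defines $authorized before this code runs.
function vulnerableCheck(array $request): bool
{
    extract($request);   // stands in for register_globals=On
    if (isset($user, $pass) && $user === 'admin' && $pass === 'correct horse') {
        $authorized = true;
    }
    return !empty($authorized);
}

// Hardened pattern: initialise every variable you test, and read input
// only from an explicit source (here the $request array, in a real
// script $_GET/$_POST), never from auto-registered names.
function hardenedCheck(array $request): bool
{
    $authorized = false;
    $user = $request['user'] ?? '';
    $pass = $request['pass'] ?? '';
    if ($user === 'admin' && $pass === 'correct horse') {
        $authorized = true;
    }
    return $authorized;
}

// Constructed requests for demonstration.
$attack = ['authorized' => '1'];                         // no credentials at all
$legit  = ['user' => 'admin', 'pass' => 'correct horse'];

printf("vulnerable, attack request: %s\n", vulnerableCheck($attack) ? 'granted' : 'denied');
printf("hardened,   attack request: %s\n", hardenedCheck($attack) ? 'granted' : 'denied');
printf("hardened,   legit request:  %s\n", hardenedCheck($legit) ? 'granted' : 'denied');

// The check to run on any host you administer: the directive should be
// Off. ini_get() returns false on PHP 5.4+, where it was removed.
printf("register_globals: %s\n", var_export(ini_get('register_globals'), true));
```

The attack request carries no username or password at all; the vulnerable function grants access anyway because the client-supplied `authorized` parameter became `$authorized`, while the hardened function denies it and still accepts the legitimate credentials. The same survey that finds open phpinfo() pages is, in effect, a list of hosts where the first function is exploitable as written.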

Laura, Damien, Adam, and I finished the day at a Chinese restaurant, where I managed to find some spicy food. Damien and Adam both speak Chinese, so I think they appreciated the chance to practice.

All in all, the conference turned out pretty well, and I'm happy to have been a part of it.

About This Post

DC PHP Conference Recap was posted on Sun, 22 Oct 2006 at 18:38:20 GMT.

9 Comments

1. Keith Casey said:

Thanks for coming and I'm glad it worked out so well. Laura puts on a pretty good presentation too. I was also happy to have a few people being opposite of your session and all. ;) I have some coverage going onto my site starting tomorrow.

Is your tutorial at Zend going to overlap with the XSS presentation?

Sun, 22 Oct 2006 at 23:47:34 GMT


2. Eddie Peloke said:

I had the pleasure of attending both of your talks and Laura's as well and enjoyed them both. The topics you presented are definitely something that will stick in our minds as we go back to work tomorrow.

It was also good to see that there are companies like OmniTI and others in the area instead of all on the west coast.

Mon, 23 Oct 2006 at 00:20:33 GMT


3. Chris Shiflett said:

David Recordon posted his slides:

http://openid.net/pres/2006_DC_PHP_Conference.pdf

Mon, 23 Oct 2006 at 04:43:27 GMT


4. Chris Shiflett said:

Keith, my tutorial at ZendCon is going to be more generic than either of my talks at the DC conference, because those were pretty specialized. However, my tutorial does cover XSS and CSRF, and that content should benefit from some of my recent research.

Eddie, glad you liked the talks. :-)

Mon, 23 Oct 2006 at 04:56:56 GMT


5. Marcel Esser said:

What was especially interesting about the talk was walking to a terminal and searching Google Code for $PHP_SELF afterwards.

People just don't learn.

Mon, 23 Oct 2006 at 16:31:54 GMT

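What that code search turns up, as an added example (not code from the post, from Marcel's comment, or from any project it mentions; the request values below are constructed so the script runs without a web server). $PHP_SELF and $_SERVER['PHP_SELF'] contain the request path including any PATH_INFO the client appends, so for a request to /form.php/"><script>alert(1)</script> the value echoed into the form's action attribute is attacker-controlled.

```php
<?php
// Added example: PHP_SELF as an XSS sink, and two ways to close it.

// Constructed request values for demonstration. On a real server these
// come from the SAPI; here they model a request whose PATH_INFO carries
// an attribute-breaking payload.
$_SERVER['PHP_SELF']    = '/form.php/"><script>alert(1)</script>';
$_SERVER['SCRIPT_NAME'] = '/form.php';

// Vulnerable: PHP_SELF written raw into an HTML attribute. The quote in
// the payload closes the attribute and the rest lands in the page as markup.
function vulnerableForm(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Hardened (a): escape for the attribute context. ENT_QUOTES turns both
// quote characters into entities, so the attribute cannot be closed early.
function escapedForm(): string
{
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Hardened (b): do not use the tainted value at all. SCRIPT_NAME is the
// script path without PATH_INFO under mod_php (verify on your own SAPI);
// escaping it anyway costs nothing.
function safeForm(): string
{
    $action = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

echo "vulnerable: ", vulnerableForm(), "\n";
echo "escaped:    ", escapedForm(), "\n";
echo "safe:       ", safeForm(), "\n";
```

Running it prints the vulnerable form with a live script element inside it and the two hardened forms with the payload either entity-encoded or absent. Leaving the action attribute empty (or omitting it) also submits to the current URL and avoids the value entirely; whichever you choose, the rule the comment is pointing at is that nothing from $_SERVER reaches the page unescaped.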

6. Chris Shiflett said:

Brian Wasserman has graciously provided a recording of my talks:

http://download.starvingprogrammer....ris%20Shiflett/

I haven't listened to them, because I hate the sound of my own voice, but hopefully you won't mind. :-)

Thanks, Brian!

Tue, 24 Oct 2006 at 03:04:01 GMT


7. Travis Phipps said:

I've been listening to the recordings (thanks Brian!), but I can't seem to find your slides posted anywhere. Are they available for download? I'd love to have my co-worker listen to the security testing one, but I think he'll be lost without the visuals.

Wed, 25 Oct 2006 at 17:28:55 GMT


8. Chris Shiflett said:

Sorry about that, Travis. I'll be posting them here:

http://omniti.com/resources/talks

Wed, 25 Oct 2006 at 17:40:46 GMT


9. Travis Phipps said:

Sorry to keep bugging you, but it appears that the slides haven't been posted yet. Just wanted to send you a reminder.

Thanks!

Tue, 07 Nov 2006 at 15:52:01 GMT


