PHP Security in Vancouver

09 Jun 2005

I'm off to Vancouver to speak at PHP West. This entire conference is about PHP security, which is both surprising and encouraging. Security seems to be getting more and more attention within the PHP community, and even if I have very little to do with that, it's nice to see. PHP's poor reputation regarding security is undeserved, and while this is obvious to most people in the community, it is less obvious to those on the outside.

I'll be giving a talk called the PHP Security Audit HOWTO. Although Brain Bulb offers professional PHP security audits, this talk will focus on how to effectively leverage peer reviews. Professional security audits are expensive, and peer reviews are a frequently overlooked alternative. A good audit takes a lot of time, but you probably have coworkers who spend half their time reading Slashdot anyway. Put those lazy bastards to work! :-)

Bruce Perens is also giving a talk, so perhaps I'll get to meet him. PHP folks might know him as the name behind the Bruce Perens Open Source Series, the series that brought us PHP 5 Power Programming (by Andi, Derick, and Stig). (This book is now freely available in PDF format.)

I'll be sure to post my slides when I return.