About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


PHP Security by Example

I gave three talks at this year's phpworks conference. The most popular was PHP Security by Example, a talk that consists entirely of exercises. This approach is unique in the sense that the focus is on first exploiting vulnerable code and then fixing it. I think seeing how easy some exploits are gives people a better appreciation and understanding of the safeguards.

The slides are available in PDF and Flash format:

I'll post the slides to the other talks soon.

About This Post

PHP Security by Example was posted on Fri, 16 Sep 2005 at 18:10:28 GMT.

6 Comments

1. Matthom said:

Cool, thanks. I noticed there is no "Back" button on that Flash presentation - which is quite aggravating. Unless I missed it somehow...

Can't wait for the PHP Security book to hit the shelves... It's something that few people take notice of.

Fri, 16 Sep 2005 at 23:10:26 GMT


2. Chris Shiflett said:

That Flash file is generated from Keynote, so apologies for any missing features. If a future version of Keynote improves upon the Flash export (the layout is also slightly broken), I'll be happy to export the slides again.

I hope you enjoy the book. :-)

Mon, 19 Sep 2005 at 06:21:59 GMT


3. Dmitry said:

Chris, sorry, but I can't download http://brainbulb.com/phpworks.tar.gz :(

Mon, 19 Sep 2005 at 13:04:23 GMT


4. Chris Shiflett said:

Thanks, Dmitry. It should be fixed now.

Mon, 19 Sep 2005 at 13:45:33 GMT


5. Dmitry said:

Thanks, we'll be waiting for the slides to the other talks on PHP Security by Example ;)

Thu, 22 Sep 2005 at 07:53:24 GMT


6. imran said:

Hi

With all the design concepts and other dross floating around in my head, I've become completely paralyzed on what to do next.

On one hand, I want to do something and I want to do it right. On the other hand, I don't know what this "right" is.

I want to use controllers, but I don't really know what they are. Right now, I have a bunch of cobbled together pages. I *could* move them into classes, which would probably help factoring them into more controller oriented things, but I want to get it right the first time. And I know I can't.

In this mentality, I think I have bitten off more than I can chew. Every small step means more steps when the final design comes into place, but without small steps I cannot get anywhere.

I need help.

Imran Hashmi

http://www.visionstudio.co.uk

Fri, 04 Nov 2005 at 09:29:11 GMT

