About the Author

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.

Security 2.0 in Cincinnati

Wed, 20 Aug 2008 at 21:15:06 GMT
2 Comments
References

I'll be visiting Cincinnati briefly tomorrow (Thu, 21 Aug 2008) to give my talk entitled Security 2.0 at the local PHP user group, OINK-PUG. Elizabeth Naramore is kindly hosting me, so I'll be able to fraternize after the meeting, which is always the best part of any user group.

This talk is one of the least PHP-specific talks I give, so if you're in the area and interested in learning a bit more about evolving trends in web application security, I hope you'll join us. In case it helps convince you, here's the talk description:

Web 2.0 has been described as many things. It's the Web as a platform, a network of networks, the architecture of participation. However you choose to define it, the way we build applications online has changed. Web sites do more by empowering users, but this has opened a Pandora's box. Cross-site scripting (XSS), cross-site request forgeries (CSRF), and Ajax are being combined in creative new ways to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms.

This talk examines this new threat, dubbed Security 2.0, by demonstrating some hypothetical and real exploits as well as discussing methods of safeguard and prevention.

The meeting takes place at Bridge Worldwide, who happen to have a nice map on their site. As far as I can tell, their office is located on the word Cincinnati (on Google Maps), so it must be smack in the middle of the city.

I might bring an extra copy or two of Essential PHP Security to give away, and you will receive a copy of the slides of my tutorial of the same name as a token of appreciation for sharing your time with us. I have also heard unconfirmed reports that there will be pole dancing.

I hope to see you there. :-)

About This Post

Security 2.0 in Cincinnati was posted on Wed, 20 Aug 2008 at 21:15:06 GMT.

2 Comments

1. Chris Shiflett said:

The meeting starts at 7 PM.
Thu, 21 Aug 2008 at 03:30:55 GMT Link

2. Pablo said:

Chris,

Thanks for coming to Cincinnati. It was good to reinforce these concepts. I could not stay after the talk which would have been nice.

After talking to some people I got the feeling that would have been nice to see some working examples. Some got lost on the theory and I got the feeling they did not get the real threat.

Pablo
Fri, 22 Aug 2008 at 13:46:47 GMT Link

Chris Shiflett wrote:: Glad it helped, Niall!; Posted in Git on Snow Leopard
Niall Kelly wrote:: Having tried other methods without success and looked through plenty of bloated documentation, th...; Posted in Git on Snow Leopard
liukang wrote:: I have problem with this example. In my php.ini magic_quotes_gpc is off so i'm using only addsla...; Posted in addslashes() Versus mysql_real_escape_string()
RyanTheGreat wrote:: Well, I'm not Chris, but I will do my best to address the questions raised in the comments by Ian...; Posted in Security Corner: Cross-Site Request Forgeries
Chris Shiflett wrote:: Thanks for the kind words, Simon. I'm glad you liked the tutorial. In case it's helpful, here'...; Posted in Webstock