About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.

Security 2.0 in Cincinnati

I'll be visiting Cincinnati briefly tomorrow (Thu, 21 Aug 2008) to give my talk entitled Security 2.0 at the local PHP user group, OINK-PUG. Elizabeth Naramore is kindly hosting me, so I'll be able to fraternize after the meeting, which is always the best part of any user group.

This talk is one of the least PHP-specific talks I give, so if you're in the area and interested in learning a bit more about evolving trends in web application security, I hope you'll join us. In case it helps convince you, here's the talk description:

Web 2.0 has been described as many things. It's the Web as a platform, a network of networks, the architecture of participation. However you choose to define it, the way we build applications online has changed. Web sites do more by empowering users, but this has opened a Pandora's box. Cross-site scripting (XSS), cross-site request forgeries (CSRF), and Ajax are being combined in creative new ways to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms.

This talk examines this new threat, dubbed Security 2.0, by demonstrating some hypothetical and real exploits as well as discussing methods of safeguard and prevention.

The meeting takes place at Bridge Worldwide, who happen to have a nice map on their site. As far as I can tell, their office is located on the word Cincinnati (on Google Maps), so it must be smack in the middle of the city.

I might bring an extra copy or two of Essential PHP Security to give away, and you will receive a copy of the slides of my tutorial of the same name as a token of appreciation for sharing your time with us. I have also heard unconfirmed reports that there will be pole dancing.

I hope to see you there. :-)

About This Post

Security 2.0 in Cincinnati was posted on Wed, 20 Aug 2008 at 21:15:06 GMT.

2 Comments

1. Chris Shiflett's GravatarChris Shiflett said:

The meeting starts at 7 PM.

Thu, 21 Aug 2008 at 03:30:55 GMT Link

2. Pablo's GravatarPablo said:

Chris,

Thanks for coming to Cincinnati. It was good to reinforce these concepts. I could not stay after the talk which would have been nice.

After talking to some people I got the feeling that would have been nice to see some working examples. Some got lost on the theory and I got the feeling they did not get the real threat.

Pablo

Fri, 22 Aug 2008 at 13:46:47 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Talks

php|works / PyWorks

12 - 14 Nov 2008

At Sheraton Gateway Hotel Atlanta Airport, Atlanta, Georgia.

New Comments

Dave wrote:

Hi Seth, I'm experiencing exactly the same problem as you have. Have you fixed it? How?

Posted in
Matt Robinson wrote:

Wotcha Chris, thanks for the tip about headers in the web inspector, I hadn't noticed them! (Actu...

Posted in Inspecting and Hacking HTTP
Stelian Mocanita wrote:

Not much I know so far, didn't get far with debugging it to get as far as http headers but I know...

Posted in Facebook Worm
Chris Shiflett wrote:

Yes, good point. The message this worm sends is really just a phishing attack, and Facebook is do...

Posted in Facebook Worm
yawnmoth wrote:

Given that Samy required no action on the users part, above and beyond viewing an infected users ...

Posted in Facebook Worm

Browse Comments