About the Author

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.

OSCON Wrapup

Thu, 31 Jul 2008 at 21:56:04 GMT
4 Comments
References

Another OSCON has come and gone. It was a very busy week filled with talks, work, social events, and everything in between. (Sleep is optional and not recommended.)

The OmniTI family (Message Systems included) was well represented with a number of speakers and talks:

Chris Shiflett: Experience-Driven Development: Designers and Developers Working in Harmony; Security 2.0: Emerging Trends in Web Application Security
David Gray: How I Learned to Love Revision Control
Luke Welling: PHP Taint Tool: It Ain't a Parser
Mike Hillyer: How to be Normal: A Guide for Developers
Robert Treat: Pro PostgreSQL
Theo Schlossnagle: Full-Stack Introspection Crash Course
Wez Furlong: Hot Chocolate: Creating Cocoa Apps with PHP; PDO: PHP Data Objects; PHP Extension Writing

Experience-Driven Development is a talk I gave with Jon Tan, and we explored ways designers and developers can collaborate better to create a better user experience, and thereby create a better web site. The talk was rough around the edges, but we have received a number of positive reviews so far, and it has sparked some interesting discussions. My own thoughts on the matter aren't too solidified yet, because I'm better at identifying problems than coming up with solutions. :-) The sheer volume of horrible web sites is proof that industry standard practices suck.

I had planned to give Security 2.0 for the last time at this conference, but I received more positive feedback than I think I ever have. I was very pleased to note that more than half of the audience (which was a pretty large audience in the main auditorium) was at least somewhat familiar with CSRF already. (This was a first.) Perhaps I should just refine the talk to focus less on explaining what XSS and CSRF are and more on the interesting exploits that combine them with other technologies such as Ajax and Flash.

Luke's talk was about a security tool we've been developing at OmniTI as part of our web application security practice. It's called SNAP, and we plan to open source it soon. Garrett Serack of Microsoft attended the talk and explains it in a little more detail, and I hope to post more about SNAP soon.

I dined at Mint during 3 of my 6 evenings in Portland. Delicious. :-) I also made my way to Doug Fir and Vault, both of which are popular among OSCON regulars.

I used Twitter throughout the conference, and it looks like searching for shiflett+oscon finds most of my relevant updates, if you're interested.

I hear OSCON is coming to San Francisco next year. Be there. :-)

About This Post

OSCON Wrapup was posted on Thu, 31 Jul 2008 at 21:56:04 GMT.

4 Comments

1. Sean Coates said:

You just posted this so your last entries didn't scroll into oblivion, didn't you? (-: (Aug 1st today, and all)

S

Fri, 01 Aug 2008 at 05:09:05 GMT Link

2. Chris Shiflett said:

Yeah, and so that the navigation here didn't have any gaps:

http://shiflett.org/blog

I need to blog more. :-)
Fri, 01 Aug 2008 at 14:15:20 GMT Link

3. Jan said:

Heya Chris,

it was nice finally meeting you in person.

Cheers

Jan

--
Sun, 03 Aug 2008 at 11:47:22 GMT Link

4. Jon Tan said:

It was great to be there, meet so many good people, and soak in the atmosphere (sometimes literally). Mint was a highlight! Next time out of the blocks I have a feeling our talk might prompt a few more discussions, especially given the very useful feedback from people. Thanks for hosting me Chris, I appreciate it.
Wed, 06 Aug 2008 at 13:52:07 GMT Link

Ronald wrote:: A little hard for a rookie like me, but useful. I also thought you'd like to know there is a grea...; Posted in A rev="canonical" HTTP Header
Alex wrote:: Aren't you forgetting that the session will expire if _write() is never called? That excludes ...; Posted in
Andy Mabbett wrote:: @Chris Shiflett, #4, belatedly: Google only accepts rel=canonical within the same domain. My s...; Posted in A rev="canonical" HTTP Header
Kenneth Udut wrote:: I've implemented this rev="canonical" idea on http://free.naplesplus.us in the hopes that it catc...; Posted in Save the Internet with rev="canonical"
Mark wrote:: After reading your article and all the comments, what I got out of this was that sessions are not...; Posted in