I'll be visiting Cincinnati briefly tomorrow (Thu, 21 Aug 2008) to give my talk entitled Security 2.0 at the local PHP user group, OINK-PUG. Elizabeth Naramore is kindly hosting me, so I'll be able to fraternize after the meeting, which is always the best part of any user group.
This talk is one of the least PHP-specific talks I give, so if you're in the area and interested in learning a bit more about evolving trends in web application security, I hope you'll join us. In case it helps convince you, here's the talk description:
Web 2.0 has been described as many things. It's the Web as a platform, a network of networks, the architecture of participation. However you choose to define it, the way we build applications online has changed. Web sites do more by empowering users, but this has opened a Pandora's box. Cross-site scripting (XSS), cross-site request forgeries (CSRF), and Ajax are being combined in creative new ways to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms.
This talk examines this new threat, dubbed Security 2.0, by demonstrating some hypothetical and real exploits as well as discussing methods of safeguard and prevention.
The meeting takes place at Bridge Worldwide, who happen to have a nice map on their site. As far as I can tell, their office is located on the word Cincinnati (on Google Maps), so it must be smack in the middle of the city.
I might bring an extra copy or two of Essential PHP Security to give away, and you will receive a copy of the slides of my tutorial of the same name as a token of appreciation for sharing your time with us. I have also heard unconfirmed reports that there will be pole dancing.
I hope to see you there. :-)