As we announced last month DerbyCon is upon us and I’m excited to be heading down into Louisville soon! I even scored a last-minute room at the con hotel from some of those less fortunate to have had to cancel. I’m supposed to be arriving at 10:00 PM this evening so if anyone wants to split a cab to they Hyatt ping me on Twitter at @grecs and we can set something up.
Anyway, if anyone is up for meeting up, getting some drinks, or just arguing the intricacies of infosec, just hit me up. I always enjoy meeting new people so please don’t be shy … come up and introduce yourself. I’ll be doing a mix of attending talks, networking, and of course some blogging. When not doing any of the above, you’ll probably find me in the vendor area (or wherever I can find a power and Internet access) hungered down over my laptop. I’ll should be sporting a black ScotteVest so maybe that will (or will not) help me stand out some. To get updates as to where I might be the best way is to probably track me on Twitter at @grecs.
For those interested I’m honored to be presenting at DerbyCon on Sunday at 11:30 on PHP security where I’ll try to dispel the myth that PHP is insecure. Here’s the abstract for those that are interested.
“PHP Website Security, Attack Analysis, & Mitigations”
PHP is a very powerful language for easily developing web applications however with this power comes great responsibility … and in this case that means not shooting yourself in the foot with lax security practices. Issues can arise from everything from language vulnerabilities and weak default settings to insecure coding practices and misconfigurations. This presentation plans to address many of these concerns by providing valuable lessons in the security of, attacks against, and management of PHP in your environment. The talk begins with an overview of PHP security, including it’s known issues and corresponding security enhancements the maintainers have incorporated over time. Beginning with an in-depth discussion of Suhosin and how it can be used to lock down your PHP environment, the presentation next details PHPIDS and how it can be used to detect PHP-centric threats. The talk closes with a strategy for analyzing the risks in your PHP environment and applying corresponding PHP and platform/network mitigations to minimize your attack surface.
And with that I look forward to getting in soon and meeting everyone at the conference!
Today’s post pic is from SecurityOrb.com. See ya!