BSidesDE Talk Info

I’m excited to have been accepted to speak at this year’s two-day BSidesDE event starting Friday, November 9th at Wilmington University. We have a lot cool content we’re working on to turn this PHP security material into a very cool resource that all infosec pros can use to better reach out to the PHP developer community. Anyway, here is my talk info:

Title: PHP Website Security, Attack Analysis, & Mitigations

Abstract: PHP is a very powerful language for easily developing web applications however with this power comes great responsibility … and in this case that means not shooting yourself in the foot with lax security practices. Issues can arise from everything from language vulnerabilities and weak default settings to insecure coding practices and misconfigurations. This presentation plans to address many of these concerns by providing valuable lessons in the security of, attacks against, and management of PHP in your environment. The talk begins with an overview of PHP security, including it’s known issues and corresponding security enhancements the maintainers have incorporated over time. Beginning with an in-depth discussion of Suhosin and how it can be used to lock down your PHP environment, the presentation next details PHPIDS and how it can be used to detect PHP-centric threats. The talk closes with a strategy for analyzing the risks in your PHP environment and applying corresponding PHP and platform/network mitigations to minimize your attack surface.

For more information on BSidesDE 2012 check out their main page. And also their CFP is still open so if you’re on the fence the due date is October 5th.

Hope to see you there!


Today’s post pic is from See ya!

3 comments for “BSidesDE Talk Info

  1. October 3, 2012 at 1:30 pm

    BLOGGED: BSidesDE Talk Info //CFP is still open .. closing 10/5!

  2. October 3, 2012 at 10:14 pm

    #NOVABLOGGER: BSidesDE Talk Info

  3. October 4, 2012 at 8:47 am

    BLOGGED: BSidesDE Talk Info //CFP still open until 10/5.. @BSidesDE

Leave a Reply

Your email address will not be published. Required fields are marked *