Yahoo! Developer Network: PHP Security
In this Yahoo! Developer Night, Jose gives a talk on PHP security, demonstrating the most common security issues, how they are exploited and how to protect an application against them. This is a great talk for anyone who writes web applications in PHP. The basic premise is that you automatically distrust any input that comes from the user.

Jose goes through all of the main hacking techniques used to break into PHP web applications and how dangerous it can be if your website contains any of the commonly exploited issues. The techniques illustrated are:

XSS (Cross Site Scripting) – Inserting content into a page

SQL Injection – Executing SQL statements on the server

File Uploads – Allowing the user to upload a file and how this can be exploited.

General configuration issues

Jose also illustrates how quickly a website can be broken if it is not secured against any one of these techniques. The talk is very informative and useful to anyone involved in PHP applications. It definitely makes you think twice when dealing with user input.

ABOUT JOSE PALAZON
Jose Palazon (palako) is responsible for mobile security worldwide at Yahoo!. He has 8+ years of experience in security advisory and...

ABOUT THE YAHOO! DEVELOPER NETWORK
The Yahoo! Developer Network offers Web Services and APIs that make it easy for developers to build applications and mashups. Yahoo! APIs let developers tap into Yahoo!'s world-class data and infrastructure to help power their businesses and integrate data sources in new ways, making the web a more useful and interesting place for everyone.
© Copyright 2003-2011, Skills Matter Ltd