Yahoo! Developer Network: PHP Security
In this Yahoo Developer Night talk, Jose covers PHP security, demonstrating the most common security issues, how they are exploited, and how to protect an application against them. This is a great talk for anyone who writes web applications in PHP. The basic premise is to automatically distrust any input that comes from the user.

Jose goes through all of the main hacking techniques used to break into PHP web applications and shows how dangerous it is for a website to contain any of these commonly exploited issues. The techniques illustrated are:

XSS (Cross Site Scripting) – Inserting content into a page

SQL Injection – Executing SQL statements on the server

File Uploads – Allowing the user to upload a file and how this can be exploited

General configuration issues

Jose also illustrates how quickly a website can be broken if it is not secured against any one of these techniques. The talk is very informative and useful to anyone involved in PHP applications. It definitely makes you think twice when dealing with user input.

ABOUT JOSE PALAZON
Jose Palazon (palako) is responsible for mobile security worldwide at Yahoo!. He has 8+ years of experience in security advisory and...
© Copyright 2003-2010, Skills Matter Ltd