Jump to content
Fi8sVrs

PHP Website Security, Attack Analysis, & Mitigations

Recommended Posts

  • Active Members
Posted

Description: Founder, NovaInfosecPortal.com

Salvador Grec has over 16 years experience, undergraduate and graduate degrees in Electrical Engineering, and a really well known security

certification. Even though his training was in Electrical Engineering, Sal has always been more of a Computer Science person at heart going

back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for 5 years, he discovered his love of

infosec and has been pursuing this career ever since. Currently, he spends his days doing cyber security paperwork drills in building and

maintaining multi-billion dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz.

Title: PHP Website Security, Attack Analysis, & Mitigations

PHP is a very powerful language for easily developing web applications however this convenience sometimes comes at the cost of security.

Issues can arise from everything from language vulnerabilities and weak default settings to insecure coding practices and misconfigurations. This presentation plans to address many of these concerns by providing valuable lessons in the security of, attacks against, and management of PHP in your environment. The talk begins with an overview of PHP security, including it’s known issues and corresponding security enhancements the maintainers have incorporated over time. Beginning with a general discussion of PHPIDS and how it can be used as an event tracker, the presentation next provides a peak

into some of the more interesting attacks against a security website as well as overall trends from two years in deployment. The talk closes with a strategy for analyzing the risks in your PHP environment and applying corresponding PHP and platform/network mitigations to minimize your attack surface.

http://rvasec.com/slides/2012/8_grec_php_insecurity_rvasec_2012.pptx

Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.

Sources:

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...