September 20th, 2011
New York PHP Community
, in collaboration with OWASP
, is holding a monthly series that reviews each of the OWASP Top Ten Web Security
As we enter the final months of 2011, we welcome back Anthony Ferrara to share his insight and expertise on broken authentication and session management.
The next threat in our series is Broken Authentication and Session Management. We'll look at the common ways that Authentication is broken, ways to tell if your authentication system is broken, and how to write a secure authentication system. Then, we will dive into sessions and how to manage them properly. There will also be a live demonstration of a Bad Web Application that is vulnerable to this class of vulnerabilities. Finally, we will walk through a few popular frameworks and see how their offerings stand up against the OWASP security recommendations.
The PHP core provides a lot of functionality out of the box, come find out if it is secure enough for you to use!
Anthony Ferrara is a Senior Developer at NBC Universal, a Zend Certified Engineer and a OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at blog.ircmaxell.com or on Twitter at @ircmaxell.