June 30th, 2011
New York PHP Community, in collaboration with OWASP, is holding a monthly series that reviews each of the OWASP Top Ten Web Security threats.
In the final inning of a shutout June, we welcome back Anthony Ferrara to share his insight and expertise on the ubiquitous vulnerability that is cross site scripting (XSS).
Cross Site Scripting (XSS) is currently listed as OWASP's #2 highest risk vulnerability affecting web applications today, yet most people simply don't understand why they need to be concerned, and even more don't know how to properly protect themselves against these common threats.
In this talk we will go over the core concepts of XSS - what it is, how it's exploited, and the severity of the problem. We will dissect a real-world web application to demonstrate finding - and exploiting - vulnerabilities. Finally, we will review how to both prevent and thwart the XSS risk in your code.
Anthony Ferrara is a Senior Developer at NBC Universal, a Zend Certified Engineer and an OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at blog.ircmaxell.com or on Twitter at @ircmaxell.