September 20th, 2011
New York PHP Community, in collaboration with OWASP, is holding a monthly series that reviews each of the OWASP Top Ten Web Security threats.
As we enter the final months of 2011, we welcome back Anthony Ferrara to share his insight and expertise on broken authentication and session management.
The next threat in our series is Broken Authentication and Session Management. We'll look at the common ways that authentication is broken, ways to tell if your authentication system is broken, and how to write a secure authentication system. Then, we will dive into sessions and how to manage them properly. There will also be a live demonstration of a Bad Web Application that is vulnerable to this class of vulnerabilities. Finally, we will walk through a few popular frameworks and see how their offerings stand up against the OWASP security recommendations.
The PHP core provides a lot of functionality out of the box. Come find out if it is secure enough for you to use!
Anthony Ferrara is a Senior Developer at NBC Universal, a Zend Certified Engineer and an OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at blog.ircmaxell.com or on Twitter at @ircmaxell.