NYCPHP Meetup

NYPHP.org

[nycphp-announce] next at nyphp: Wietse Venema on PHP Tainted Variables

New York PHP noreply at nyphp.com
Fri Apr 18 14:42:42 EDT 2008 

April General Meeting:
Web 2.0 Mashups from IBM
------------------------

 NOTE: This meeting occurs on MONDAY, April 21st.

 When: MONDAY, April 21st, 6:30pm sharp (4th Tuesday of every month)
Where: IBM, 590 Madison Avenue, Room 1219 (12th Floor)
 RSVP: http://www.nyphp.org/rsvp.php

New York PHP is honored to have open source great Wietse Venema speak about
his recent work on PHP tainted variable support, a critical piece of
security.

 NOTE: This meeting occurs on MONDAY, April 21st.

PHP is a popular server scripting language for creating dynamic web page
content. While writing applications can be relatively easy, avoiding
security holes can be difficult. In an attempt to help improve PHP
application security, Wietse proposed to add run-time support for tainted
variables in December 2006, and released a first implementation in November
2007. With a run-time overhead of only 1-2%, permanent deployment becomes a
realistic option. Wietse will show how his taint support works, and how it
can help programmers to eliminate vulnerabilities such as Cross-site
scripting, SQL injection, Shell command injection, Remote file inclusion,
and more.

Wietse Venema is known for his software such as the TCP Wrapper and the
POSTFIX mail system. He co-authored the SATAN network scanner and the
Coroner's Toolkit (TCT) for forensic analysis, as well as a book on Forensic
Discovery. Wietse received awards from the System Administrator's Guild
(SAGE), the Netherlands UNIX User Group (NLUUG), as well as a Sendmail
innovation award. He served a two-year term as chair of the international
Forum of Incident Response and Security Teams (FIRST). Wietse currently is a
research staff member at the IBM T. J. Watson research center. After
completing his Ph.D. in physics he changed career to computer science and
never looked back.

Thank you to IBM for providing a great presentation space in Midtown
Manhattan. As a service to our community, New York PHP Community meetings
are always free and open to the public.

Come prepared with a business card to enter book raffles.

 NOTE: This meeting occurs on MONDAY, April 21st.

 When: MONDAY, April 21st, 6:30pm sharp (4th Tuesday of every month)
Where: IBM, 590 Madison Avenue, Room 1219 (12th Floor)
 RSVP: http://www.nyphp.org/rsvp.php

You must RSVP within 30 days of the meeting you attend!

---
New York PHP Community
http://www.nyphp.org

More information about the announce mailing list