[nycphp-talk] more crappy programs: security focus 230 - 232
John Lacey
jlacey at att.net
Sun Jan 25 11:24:00 EST 2004
Hans Zaunere wrote:
>>Chris Shiflett wrote:
>>
>>
>>>It doesn't take too terribly long to verify the validity, or lack
>>>thereof, of what is mentioned on Security Focus relating to PHP. Maybe
>>>NYPHP could host a Snopes-like site for this type of thing. :-)
>
>
> Very good thoughts.
>
>
>>From: John Lacey
>>
>>I was thinking that it would be a really cool and helpful
>>project for interested NYPHP members to set up what amounts
>>to a 'honeypot' -- with a different twist -- for
>>proving/testing/evaluating/hacking/messing-with/bashing an
>>AMP platform/apps./utilities/whatever.
>
>
> Ditto here, too. We have the horsepower to dedicate a server for this. Also, we need to get our CMS solidified, at which point it'll be a snap for people to get content (from both aforementioned topics) online ASAP. We'll need someone to head these efforts up...?
>
Hi Hans,
I'd like to volunteer to be involved with ongoing security
issues from a distance, like testing code, or contributing
to short (PHundamentals?) articles. But we need at least
one local NYPHP member with more than a smattering of
knowledge and experience in this area (and that's not me at
the moment). Since my main interest is in teaching people
who are newcomers to AMP and other OSS stuff, it is
critically important they start off with good coding
techniques (I teach PEAR Coding Standards) and especially
the security concerns and repercussions of what they're
doing. It's easy to say "Never trust user input", but that
doesn't mean a whole hell of a lot unless you show people
the HOW of it and they code it up for themselves.
... steps off learning soap box...
I think NYPHP could provide an extremely valuable service to
the AMP community at large with an ongoing security focus on
both basic and advanced best practices. In that regard, I'm
looking forward to Chris' Security book.
Let me know how I can help.
thanks,
John