
PHP Security and Tainted Variables, with Wietse Venema

Preventing SQL Injection, Command Line Injection and Remote File Inclusion in PHP

April 21st, 2008

New York PHP is honored to have open source great Wietse Venema speak about his recent work on PHP tainted variable support, a critical piece of security.

NOTE: This meeting occurs on Monday, April 21st.

PHP is a popular server scripting language for creating dynamic web page content. While writing applications can be relatively easy, avoiding security holes can be difficult. In an attempt to help improve PHP application security, Wietse proposed adding run-time support for tainted variables in December 2006, and released a first implementation in November 2007. With a run-time overhead of only 1-2%, permanent deployment becomes a realistic option. Wietse will show how his taint support works, and how it can help programmers to eliminate vulnerabilities such as cross-site scripting, SQL injection, shell command injection, remote file inclusion, and more.
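As an added illustration of the injection classes named in the talk title (this is not code from the talk, nor from Wietse's taint patch), each one is shown below in plain PHP as the unsafe pattern that lets request data reach a sensitive sink, beside a hardened counterpart. The hardening relies only on standard PHP facilities (PDO prepared statements, escapeshellarg, an include allowlist), not on any taint-specific API; the SQLite table, the page allowlist and the sample input are constructed for the example.

```php
<?php
// Added example, not part of the original announcement or of the taint patch.
// Each pair shows data from a request reaching a sink unchanged (the flow a
// taint check is meant to catch) and the form that breaks that flow.
declare(strict_types=1);

// --- SQL injection -------------------------------------------------------
// Unsafe: the request value becomes part of the SQL text itself.
function findUserUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the query structure is fixed before user data is seen; the value is
// bound as a parameter and can never alter the statement.
function findUserSafe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Shell command injection ---------------------------------------------
// Unsafe: a hostname from the request is spliced into a shell command line.
function pingUnsafe(string $host): string
{
    return (string) shell_exec("ping -c 1 $host");
}

// Safe: validate against a strict hostname pattern, then quote for the shell.
// Validation is the step that justifies treating the value as clean.
function pingSafe(string $host): string
{
    if (!preg_match('/\A[A-Za-z0-9.-]{1,253}\z/', $host)) {
        throw new InvalidArgumentException('invalid hostname');
    }
    return (string) shell_exec('ping -c 1 ' . escapeshellarg($host));
}

// --- Remote file inclusion -----------------------------------------------
// Unsafe: if allow_url_include is on, $page can name a remote script; even
// without it, $page can point at arbitrary local files.
function renderUnsafe(string $page): void
{
    include $page . '.php';
}

// Safe: map the request value onto a fixed allowlist of local paths
// (hypothetical pages directory, constructed for the example).
function renderSafe(string $page): void
{
    $pages = [
        'home'  => __DIR__ . '/pages/home.php',
        'about' => __DIR__ . '/pages/about.php',
    ];
    if (!isset($pages[$page])) {
        http_response_code(404);
        return;
    }
    include $pages[$page];
}

// Constructed sample data: an in-memory table and a name containing a quote.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
$input = "x' OR '1'='1";

// The unsafe variant's WHERE clause becomes always-true and returns every row;
// the safe variant looks for a user literally named "x' OR '1'='1".
printf("unsafe: %d rows, safe: %d rows\n",
    count(findUserUnsafe($db, $input)),
    count(findUserSafe($db, $input)));
```

The same idea generalises to the cross-site scripting case the talk also covers: the sink is output to the browser rather than a query or a shell, and the taint is removed by encoding (htmlspecialchars) at the point of output.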

Wietse Venema is known for his software such as the TCP Wrapper and the Postfix mail system. He co-authored the SATAN network scanner and the Coroner's Toolkit (TCT) for forensic analysis, as well as a book on Forensic Discovery. Wietse received awards from the System Administrator's Guild (SAGE) and the Netherlands UNIX User Group (NLUUG), as well as a Sendmail innovation award. He served a two-year term as chair of the international Forum of Incident Response and Security Teams (FIRST). Wietse is currently a research staff member at the IBM T. J. Watson Research Center. After completing his Ph.D. in physics he changed careers to computer science and never looked back.

Thank you to IBM for providing a great presentation space in Midtown Manhattan. As a service to our community, PHP NY UG meetings are always free and open to the public.

