Overview
Explore the OWASP PHP Security Project in this conference talk from AppSecUSA 2013. Dive into the efforts of PHP developers to enhance web application security through a collection of decoupled, flexible secure PHP libraries and tools. Learn about the project's framework, including encryption, logging, and password management. Discover advanced topics such as user authentication, cryptography, and protection against SQL injection. Gain insights into the importance of password entropy, secure password functions, and guarding against password guessing attacks. Examine practical examples and explore additional libraries for HTTP security, tainted input handling, and comprehensive logging. Access project resources, including the code repository, sample application, and official documentation, to further your understanding of PHP security best practices.
Syllabus
Introduction
AppSec USA
Who is this for
Disclaimer
Other Libraries
Project Introduction
Framework Overview
Why use PHPsec
Encryption
Logs
Password Library
Importance of Password
Password is not guessable
Password entropy
Password functions
Password guessing
Advanced Password Library
User Library
Crypto Library
Example
SQL Injection
Parameterized Query
Download Manager
HTTP Library
Tainted Library
Log Library
Taught by
OWASP Foundation