Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

PHP is Evil - Defensive Programming

PHP UK Conference via YouTube

Overview

Explore the dark side of PHP in this 35-minute conference talk from PHP UK Conference 2013. Delve into the language's troubled upbringing and potential security pitfalls. Learn about PHP's evolution, best development practices, and security considerations when working with C libraries. Discover unexpected function behaviors, browser quirks, and LAMP stack security configurations. Identify common mistakes, security antipatterns, and fallacies. Gain insights on code review techniques and developing a security-focused mindset. Cover topics such as string escaping, input cleaning, and securing PHP applications. Examine a real-world case study demonstrating target discovery and exploitation. Walk away with practical knowledge on defensive programming and strategies to mitigate PHP's potential vulnerabilities.

Syllabus

Intro
Welcome!
What we are going to talk about today...
for example
Some things to avoid...
String Escaping
Correct way to escape
Input Cleaning
Random cool IE hack...
More Strings!!!!
Affected Functions?
Securing around PHP
Case Study
Target & Discovery
Step 2: Exploit!
Find the password!
Some easy ways this could have been avoided
Wrapping up...

Taught by

PHP UK Conference

Reviews

Start your review of PHP is Evil - Defensive Programming

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.