PHP Code Audit

Philippe Gamache (Parler Haut, Interagir Librement), Damien Seguy (Alterway Consulting)
PHP, Security, Web Applications
Location: Ballroom A8
Presentation File:
PHP Code Audit Presentation [PDF]
Average rating: ***..
(3.83, 6 ratings)

In this laboratory, we will carry out a safety audit of an Open Source web application. The technical objective is to provide a complete report and treat all phases of investigative work: black box analysis, open source analysis, identifying vulnerabilities (XSS, injections, disclosure, etc.), recommendations for strengthening, and prioritization of tasks. All skills will be tested in this complex exercise.

We will work on a real application: (The name of the application will come later). The laboratory will end with the handing over of the report to the authors of the application so they can have an outside view on the safety of the application.

Philippe Gamache

Parler Haut, Interagir Librement

Philippe is the co-author of a PHP security book call “Sécurité PHP 5 et MySQL 5”. Frequent speaker, he’s a trainer for Sensio Labs; training peoples on symfony and PHP security. He’s on the board of OWASP Montreal Chapter’s. When he has some time, he’s adding many new security features to symfony.

Damien Seguy

Alterway Consulting

Damien Seguy contributes to PHP and MySQL since 1999: promotion, documentation, creation of local user groups and participation in conferences and writing technical articles.

Mr. Seguy is editor of the french magazine Direction|PHP (www.directionphp.biz), and portal technical www.nexen.net. It publishes monthly statistics on PHP. He works as an expert PHP and MySQL Nexen Services, Paris, a hosting company and services specializing in Open Source.

Mr. Seguy is a founder of AFUP (http://www.afup.org) and co-founder of PHP Quebec (http://www.phpquebec.com/), which recognized organize conferences in Paris and Montreal . He is also author of 3 books on PHP and MySQL, the first DVD devoted to PHP, and co-author of the PHP certification. It contributes to the French translation of documentation PHP and MySQL.

Comments on this page are now closed.

Comments

Picture of Damien Seguy
Damien Seguy
07/25/2009 7:11am PDT

OK, they are already on Slideshare.

www.slideshare.net/dseguy/o...

Philippe Gamache
07/24/2009 11:13pm PDT

The file was Upload, it should appear shortly!

Ralph Wissing
07/24/2009 4:14pm PDT

I would also appreciate if the slides were made available. Thanks!

randy melder
07/22/2009 10:42am PDT

Very informative and well put together.

Jared Meeker
07/21/2009 11:53am PDT

The examples were informative at the end. I wonder if their tokenizer script will be made available?

Dean Jefferson
07/21/2009 11:19am PDT

Very good information on auditing of PHP applications. I hope the slides will be available online at some point for attendees.

  • Intel
  • Microsoft
  • Google
  • SourceForge.net
  • Sun Microsystems
  • Facebook
  • Gear6
  • Kaltura
  • Liferay
  • MindTouch
  • MySpace.com
  • Novell, Inc.
  • Open Invention Network
  • Rackspace Cloud
  • Schooner Information Technology
  • Silicon Mechanics
  • Symbian Foundation
  • Twilio
  • WSO2
  • Yabarana Corporation

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at scordesse@oreilly.com

Download the OSCON Sponsor/Exhibitor Prospectus

Media Partner Opportunities

Download the Media & Promotional Partner Brochure (PDF) for information on trade opportunities with O'Reilly conferences or contact mediapartners@ oreilly.com

Press and Media

For media-related inquiries, contact Maureen Jennings at maureen@oreilly.com

OSCON Newsletter

To stay abreast of conference news and to receive email notification when registration opens, please sign up for the OSCON newsletter (login required)

Contact Us

View a complete list of OSCON contacts