
PHP security conference

2007 04 16-17 KTU Regional Business Incubator (KTC), K.Petrausko 26, Kaunas.
Conference by Johann-Peter Hartmann (CTO, Mayflower GmbH) from Germany.

It is the age of integrated communication. Content is created using rich interfaces by users for other users, collected by feed aggregators, collaboratively bookmarked, tagged, complemented by maps and delivered as a service for mash-ups. A good portion of these services are supplied by the LAMP stack (Linux, Apache, MySQL, PHP / Python / Perl). Since every technology has its dark companion, new security risks have arisen, and others have grown more important. The course starts with a look from a hacker's point of view and describes how to hack a web application if you know the source code, or if you don't. Rather complicated hacking strategies are explained, as are the now famous XSS exploits and how they lead to JavaScript malware. The second part shows protection strategies for XSS, SQL injections and code executions, and finally how to protect the whole platform. If you are developing PHP applications and want to know about the old and new security risks, this presentation is for you.

Johann-Peter Hartmann

Johann-Peter Hartmann is founder of the PHP support enterprise ThinkPHP and CTO and shareholder of Mayflower GmbH. He is a member of the PHP documentation team and has been involved in several PEAR and PECL projects. He has published articles in the PHP Magazin and the German computer magazine iX, and is author of a soon to be published enterprise PHP book.

He has been a speaker at several PHP conferences and other conferences such as Ajax in Action or webinale. He is responsible for the PHP and Web 2.0 security scanner Chorizo! and contributed to the security of phpMyFAQ, PHProjekt, TikiWiki, PostNuke, Serendipity, DCP-Portal and others. He has done security audits for several German banks and portal sites.

AGENDA:

Time: 9.00 - 17.00 (Lunch: 12.00 - 13.30)

  • 1. Wearing the Black Hat I:
    Black Box Pen Testing LAMP Applications
    • 1.1 Information Disclosure
    • 1.2 SQL-Injections
    • 1.3 Code Executions
    • 1.4 Code Inclusions
    • 1.5 XSS (more to come later)
    • 1.6 Using Google to find a Target
  • 2. Wearing the Black Hat II:
    White Box Analysis / Security Auditing PHP
    • 2.2 Equipment you need
    • 2.3 Critical function analysis
      • 2.3.1 Code Executions
      • 2.3.2 Code Inclusions
      • 2.3.3 SQL injections
      • 2.3.4 Shell Executions
    • 2.4 Input based analysis
    • 2.5 Empty variable analysis
  • 3. Wearing the Black Hat III:
    Advanced Exploits
    • 3.1 Blind SQL-Injections
    • 3.2 Funny Code Executions
    • 3.3 File/Url Inclusions
  • 4. XSS
    • 4.1 Why you should care about XSS
    • 4.2 What XSS is about
    • 4.3 3 Types of XSS
    • 4.4 Where XSS can happen
  • 5. Evil JavaScript
    • 5.1 JavaScript Backdoors
    • 5.2 Universal XSS
    • 5.3 Local XSS
    • 5.4 Code-Page based XSS
    • 5.5 JavaScript Viruses and Worms
    • 5.6 Intranet Exploits
  • 6. Wearing the White Hat I:
    Protecting against XSS
    • 6.1 Input Validation
    • 6.2 Output Encodings
    • 6.3 Why universal filtering won't work
    • 6.4 Checking for XSS
  • 7. Wearing the White Hat II:
    Protecting against SQL-Injections
    • 7.1 Binding APIs
    • 7.2 Escaping user input
  • 8. Wearing the White Hat III:
    Protecting against foreign code
    • 8.1 Code Execution
    • 8.2 Code Inclusions
    • 8.3 Escaping for Shell Executions
  • 9. Protecting the platform
    • 9.1 WAFs
    • 9.2 Chrooting
    • 9.3 SE-Linux and AppArmor
    • 9.4 IDS

SPONSORS:

OXID
Date: 2 days, 2007 04 16-17
Location: K.Petrausko 26, Kaunas
(KTU Regional Business Incubator),
conference hall.
Training language: English
Price: 60 Lt incl. VAT per person for the 2-day conference
Lunch is not included


Registration for this event is now closed, but if you are interested in taking part in this conference, please contact:


UAB “Technologijų parkas”
Aukštaičių 90 LT-44158 Kaunas
Phone +370 37 338367
Mob. +370 620 75779