October 31st, 2009
This was presented at the PHP Barcelona 2009 Conference.
Anyone involved in web application development over the last five years should be aware of the security ecosystem surrounding PHP. Often overhyped, sometimes dramatic, and always interesting, the topics of PHP and security are usually linked at the hip, and a favorite comedy topic for those involved with other languages.
While PHP has made some security mistakes in the past, the focus of criticism is often misguided. The applicable codebase for the security notices - whether it be the PHP core, an extension, or an application - is forgotten and PHP as a whole gets one more strike.
PHP also provides great power and flexibility, but with it comes great responsibility. As with any application living on the internet, it's the responsibility of the entire support staff - architect, developer, and administrator - to ensure an application meets the organization's security requirements.
In this talk, Hans Zaunere, Managing Member, New York PHP, provides tips, tricks, and fundamental best practices from the trenches for ensuring your code and LAMP deployment aren't caught off guard. He'll then review the PHP security ecosystem and available resources, debunk myths, and reveal some surprising facts that could leave you thinking PHP is one of the most secure languages available today.