PHPSecInfo

Wednesday, September 19, 2007

PHP|Works 2007: Presentations and Thoughts

php|works - it's about the booze. Photo by Terry Chay

php|works 2007 was last week, and it was a great experience for me. Here are the slides and code from the presentations I gave:

I really enjoyed my trip to Atlanta and the conference experience. Much like php|tek this year in Chicago, ‘works was filled with lots of great content, smart people, and a casual, comfortable atmosphere that makes the whole thing a lot of fun. The php|architect conferences lack pretension, and that’s really nice — it’s about the people and sharing knowledge. And this one was really special for me because it’s the first time I’ve given a presentation to my colleagues in the community. I was very nervous, but it all turned out well.

I’m too lazy busy to write out an extended journal of the whole experience, but here are some memorable moments:

  • Being sick just two days before I was about to leave, and getting better just in time to go
  • Having my first flight cancelled, giving me time to mostly finish my CodeIgniter talk before I left the Indy airport
  • Getting to the hotel just in time to catch Chris Shiflett’s funny PHP4 is Dead keynote
  • Discovering the hotel room had a flat-panel TV. Unfortunately, no HD content
  • Catching up with Lucas Nealan, and getting an unexpected phone call with great news
  • The fact that there were about 7,000 iPhones on-hand
  • The Paul Reinheimer quad-core drinking demo (sponsored by Microsoft)
  • Ramblecast: the loudest, drunkest, least productive group podcasting experiment ever
  • Learning a lot more about the Filter extension from Derick Rethans, and seeing how it compares to Inspekt
  • Losing power in the middle of my PHPSecInfo talk, and Paul M. Jones resuscitating the projector
  • Terry Chay’s software architecture talk. I didn’t agree with everything he said, but I laughed my ass off
  • Meeting people who have actually heard of me and used tools I’ve made. Weird
  • Good conversations with too many people to name
Posted in Inspekt, PHPSecInfo, My Projects, InfoSec, PHP by funkatron on 09/19 at 09:30 PM

Monday, September 10, 2007

Giving Two Talks at php|works Atlanta this week


This Friday, I’ll be giving two talks at php|works Atlanta: one on the CodeIgniter framework, and one on PhpSecInfo.

Intro to CodeIgniter

September 14, 2007 @ 1:15 – 2:15pm

CodeIgniter is an open-source web application framework written in PHP. Created by EllisLab, CI is descended from the ExpressionEngine CMS system, and therefore has a focus on real-world needs and solutions for PHP developers. CI is easy to deploy, and works with a wide variety of environments (even FTP-only shared hosting accounts). It offers powerful features like MVC and ActiveRecord without requiring the developer to adhere to strict coding guidelines. It’s easy to extend, and plays well with other code libraries like PEAR and Zend Framework.

In this talk we’ll go over the basics of CI: how to deploy it and how to write a simple application. As time allows, we’ll discuss how to extend the framework with other libraries.

Securing the PHP Environment With PhpSecInfo

September 14, 2007 @ 4:30 – 5:30pm

PhpSecInfo is an easy-to-use security auditing tool for the PHP environment. We’ll discuss how to use PhpSecInfo as part of your web app security toolkit, and how to customize and extend it for your specific needs, including using the Zend_Environment_Security module from the Zend Framework.

Hope to see you there!

Posted in PHPSecInfo, Development, InfoSec, The Web Problem, PHP by funkatron on 09/10 at 01:27 PM

Tuesday, July 03, 2007

Let’s talk PhpSecInfo at php|works ATL

Through an apparent clerical error, I’ve been chosen to speak at php|works Atlanta on September 12-13. I’ll be speaking on PHPSecInfo, the PHP environment security auditing tool.

I really enjoyed php|tek Chicago this May, which was my first PHP Architect conference, and I trust this one will be just as cool, with talks from folks like Ben Ramsey, Eli White, Chris Shiflett, and Terry Chay. Terry and I will also be competing in the first annual PHP offend-off, where we see who can most efficiently insult the sensibilities of a room full of attendees.

I’ve never been farther south than D.C., so I’m interested to see what the land of Andre 3000 is like.

Posted in PHPSecInfo, Development, InfoSec, PHP by funkatron on 07/03 at 10:26 PM

Thursday, April 26, 2007

I’m interviewed on the Pro::PHP Podcast

Man, this was a mistake

Paul Reinheimer interviewed me for the Pro::PHP Podcast a couple weeks ago, and the podcast was just posted today. If you’re interested in hearing me ramble about secure PHP development, download it or subscribe to the feed.

I say “uh” and “erm” a lot, which makes me sound like a real pro, lemme tell ya.

Posted in General, PHPSecInfo, Development, InfoSec, The Web Problem, PHP by funkatron on 04/26 at 10:51 AM

Friday, April 06, 2007

PHPSecInfo v0.2.1 now available

PhpSecInfo v0.2.1 is now available. It’s primarily a bugfix release, but a fairly significant one. From the CHANGELOG:

  • uid and gid tests now correctly test the user and group that PHP is executing as (requires that exec() or posix functions are enabled)
  • Changed upload_max_filesize and post_max_size to return “OK” if current value is equal to recommended value
  • fixed nonstandard naming with a couple locally used constants
  • fixed problem with XHTML validity in cases of not run tests (thanks Thomas Corbiere)

Get your security auditing on at phpsecinfo.com.

Posted in PHPSecInfo, My Projects, InfoSec, The Web Problem, PHP by funkatron on 04/06 at 01:14 PM