Inspekt

Monday, January 21, 2008

Inspekt 0.3 now available


I’ve uploaded the 0.3 release of Inspekt, the input filtering and validation library for PHP4 and 5. With this release, Inspekt completes the goals of the original specification for the OWASP SpoC007 project. I believe it is ready for “real-world” use.

Along with this release, there are new support and install options:

What’s new in this release:

  • Automated filtering via external config files
  • Cleanup and fixes to docblocks
  • More example code
  • A fruity logo

What’s in the future:

  • Interact with developers to get feedback and implement suggestions
  • Add new options for URI, email, phone # validators
  • Work with framework developers to integrate Inspekt with their platforms
  • Better support the special requirements of session data
  • Integration with PHP5’s filtering API when available
  • Integration with other filtering and escaping systems like PHPIDS and HTML Purifier

If you are interested in contributing to Inspekt in any way, I highly encourage you to join the mailing list. I’m especially looking for development assistance and “real-world” feedback.

Posted in Inspekt, My Projects, Development, InfoSec, PHP by funkatron on 01/21 at 12:56 PM

Tuesday, November 20, 2007

Slides from DC PHP

Maintaining focus has never been one of my strong suits, but I’ve been doing a fairly bad job of it lately even for me. So, I’m finally posting the slides from my two talks at DC PHP:

I think my talks went okay, but not great. Definitely could have been more prepared and presented more useful information, especially in the Inspekt talk. It’s the first time I’ve done a talk on that project, so I still am feeling that one out a bit, whereas I’ve talked about PHPSecInfo a few times before this.

The DC PHP Conference was a nice surprise. It was clearly still in the learning stages, but everyone was friendly and happy to help, and the organizers definitely seemed interested in sorting out what worked and what didn’t. I believe they said the next one will be in July 2008; I hope to be there!

Posted in Inspekt, PHPSecInfo, InfoSec, PHP by funkatron on 11/20 at 12:06 AM

Wednesday, September 19, 2007

PHP|Works 2007: Presentations and Thoughts

php|works - it's about the booze. Photo by Terry Chay

php|works 2007 was last week, and it was a great experience for me. Here are the slides and code from the presentations I gave:

I really enjoyed my trip to Atlanta and the conference experience. Much like php|tek this year in Chicago, ‘works was filled with lots of great content, smart people, and a casual, comfortable atmosphere that makes the whole thing a lot of fun. The php|architect conferences lack pretension, and that’s really nice — it’s about the people and sharing knowledge. And this one was really special for me because it’s the first time I’ve given a presentation to my colleagues in the community. I was very nervous, but it all turned out well.

I’m too lazy busy to write out an extended journal of the whole experience, but here are some memorable moments:

  • Being sick just two days before I was about to leave, and getting better just in time to go
  • Having my first flight cancelled, giving me time to mostly finish my CodeIgniter talk before I left the Indy airport
  • Getting to the hotel just in time to catch Chris Shiflett’s funny PHP4 is Dead keynote
  • Discovering the hotel room had a flat-panel TV. Unfortunately, no HD content
  • Catching up with Lucas Nealan, and getting an unexpected phonecall with great news
  • The fact that there were about 7,000 iPhones on-hand
  • The Paul Reinheimer quad-core drinking demo (sponsored by Microsoft)
  • Ramblecast: the loudest, drunkest, least productive group podcasting experiment ever
  • Learning a lot more about the Filter extension from Derick Rethans, and seeing how it compares to Inspekt
  • Losing power in the middle of my PHPSecInfo talk, and Paul M. Jones resuscitating the projector
  • Terry Chay’s software architecture talk. I didn’t agree with everything he said, but I laughed my ass off
  • Meeting people who have actually heard of me and used tools I’ve made. Weird
  • Good conversations with too many people to name

Posted in Inspekt, PHPSecInfo, My Projects, InfoSec, PHP by funkatron on 09/19 at 09:30 PM

Sunday, June 03, 2007

New Inspekt Build Available

Although downloads have been on the Google Code site for a bit, I recently put up a new build of Inspekt. This could probably be described as a late alpha release, with most proposed features implemented. Full API docs are included in the download.

I’ve written up a bit of documentation on the basics of Inspekt, with example code showing off some of the currently-implemented features:

You can also get an SVN checkout from the Google Code page:

I’m interested to hear feedback on Inspekt, so please feel free to drop me a line or leave a comment. Thanks!

Posted in Inspekt, Development, InfoSec, The Web Problem, PHP by funkatron on 06/03 at 12:59 PM