Secure Design and Coding for the Modern PHP Developer

For most complex applications, perfect operational security is a pipe dream. Writing secure code means knowing what threats exist and taking steps to mitigate them. This session will cover strategies for finding out what vulnerabilities could exist and common approaches to dealing with them. We'll discuss how to use threat models, data flow diagrams, and trust boundaries to design a secure app, as well as simple mitigations you can apply in any application to address cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection, command injection, and XPath injection.

Thursday, Jan 14th, 03:00pm-03:50pm
Large Conference

About Jonathan Eskew

@jreskew
Jonathan is a Software Development Engineer at Amazon Web Services, where he maintains the AWS SDK for PHP and works on Guzzle. As a former teacher, he's passionate about community education and open source.