Security + PHP 

I’m pleased to announce the May Meeting for this Thursday, Security + PHP.

It’ll cover some of the basics of web application security, such as Cross Site Scripting (XSS), Cross Site Request Forgery (XSRF) and SQL injection, along with some tips for preventing them and becoming more security conscious. All of the topics will be demonstrated, with some suggested solutions. We’ll also see a demonstration of the simplistic Browser Exploitation Framework (BeEF) project from bindshell.net, which presents an interesting take on the potential of XSS and XSRF within the browser.

A little about Eric:

I’ve been a programmer since I was age 12, back in the days of TI-83 graphing calculators and the lot. From there, I learned to develop through a combination of languages including Visual Basic, Delphi, and C/C++ with mostly security and personal firewall penetration testing applications that performed on the Windows platform. I learned substantially about the Windows API framework and developed most of my system level programming skillsets from this focus. I’m coming up on my senior year of my Bachelor’s degree program at Weber State University and work almost exclusively with web development technologies, such as PHP, (X)HTML, CSS, JavaScript, AJAX, etc.

For the past year, I’ve worked at Code Greene, a web development company based in downtown Salt Lake City; I’ve worked on backend medium to large scale integration projects as well as custom PHP and CakePHP web frontends and sites, though my preferences are towards integration and API projects. While I know CakePHP best, I have looked at other PHP frameworks, such as Code Igniter and Zend Framework. In terms of my computer preferences, I don’t have a lot of time for gaming so a Linux distro, such as Ubuntu or Kubuntu, with some quality hardware usually suits me well. I don’t like Windows much anymore, as in the past year I have migrated all but one of my home systems to Ubuntu and only have to use Windows minimally at the university. Honestly, either way works if I can get the job done without too many runarounds, and you know…button clicks.

Eric can be followed on Twitter at xtrementl (Extreme-NTL).
