In this laboratory, we will carry out a security audit of an Open Source web application. The technical objective is to produce a complete report that covers every phase of the investigative work: black box analysis, open source analysis, identifying vulnerabilities (XSS, injections, disclosure, etc.), hardening recommendations, and prioritization of tasks. All skills will be tested in this complex exercise.
We will work on a real application (the name of the application will come later). The laboratory will end with the report being handed over to the authors of the application, so they can have an outside view of its security.
Philippe is the co-author of a PHP security book called “Sécurité PHP 5 et MySQL 5”. A frequent speaker, he is a trainer for Sensio Labs, training people on symfony and PHP security. He is on the board of the OWASP Montreal Chapter. When he has some time, he adds new security features to symfony.
Damien Seguy has contributed to PHP and MySQL since 1999: promotion, documentation, creation of local user groups, participation in conferences, and writing technical articles.
Mr. Seguy is editor of the French magazine Direction|PHP (www.directionphp.biz) and of the technical portal www.nexen.net. He publishes monthly statistics on PHP. He works as a PHP and MySQL expert at Nexen Services, Paris, a hosting and services company specializing in Open Source.
Mr. Seguy is a founder of AFUP (http://www.afup.org) and co-founder of PHP Quebec (http://www.phpquebec.com/), which organize recognized conferences in Paris and Montreal. He is also the author of 3 books on PHP and MySQL, the first DVD devoted to PHP, and co-author of the PHP certification. He contributes to the French translation of the PHP and MySQL documentation.