July 20–24, 2015
Portland, OR

Web security essentials

Eli White (php[architect])
1:30pm–5:00pm Tuesday, 07/21/2015
Protect Portland 251
Average rating: ***..
(3.92, 13 ratings)
Slides:   external link,   external link

Prerequisite Knowledge

Attendees should have basic web development knowledge. Examples will be given in PHP and JavaScript; however, they'll be generically presented so they'll be useful to all web development shops.

Materials or downloads needed in advance

If attendees wish to work on some of the security examples themselves, a laptop running MySQL/PHP would be useful. However, the tutorial will be presented in such a way that attendees will not need to have a laptop to enjoy the knowledge.


This session will expose you to a broad range of web security vulnerabilities and their solutions. Come knowing nothing and leave with a toolkit of knowledge to ensure that you are thinking properly about security, before you write your first line of code. This tutorial will cover the basics such as XSS, CSRF, SQL Injection, and clickjacking. But we will also go into depth on issues of session management, password security, two-factor authentication, and much much more!

Photo of Eli White

Eli White


Eli White has been building web applications for almost 20 years, and fell in love with PHP the day PHP 4 was released. Since then he’s been a strong advocate for PHP and used it in every project he’s worked on. Eli is currently the managing editor and conference chair for php[architect], and founding partner and CTO of musketeers.me. He is also an avid writer (blogs, articles, and books), and has spoken at numerous conferences.

Comments on this page are now closed.


Picture of Eli White
Eli White
07/23/2015 5:11pm PDT

Slides have been uploaded to http://eliw.com/presentations/

Mike Miller
07/23/2015 11:25am PDT

{tap, tap, tap} Is this thing on?

Mike Miller
07/21/2015 7:40am PDT

Are the slides for this tutorial available somewhere?