Evolution of Web Security: Fundamentals, Emerging Trends, and Ideas for the Future

Tools & Techniques
Location: E145/E146
Please note: to attend, your registration must include Tutorials.
Average rating: 4.09 (22 ratings)

This is a multi-faceted tutorial that explores new concepts in web security. After a solid grounding in well-known exploits like cross-site scripting (XSS) and cross-site request forgeries (CSRF), I’ll demonstrate how traditional exploits are being combined with one another and with other technologies like Ajax to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms. I’ll then discuss some ideas for the future, such as evaluating trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.

Chris Shiflett


Hi, I’m Chris Shiflett, a web developer from Brooklyn, NY, and a founding member of Analog, a web design and development co-operative.

When inspiration strikes, I can be found scribbling on my blog at shiflett.org, or on Twitter as @shiflett. In 2007, I started PHP Advent, an Advent calendar for the PHP community.

I have authored and co-authored a few books — most notably Essential PHP Security and HTTP Developer’s Handbook — and I occasionally write articles for publications like Smashing Magazine, where I also serve on the editorial panel.

My passion for sharing ideas has brought me to a few conferences — including OSCON, Webstock, South by Southwest, and the Future of Web Apps — and events like Foo Camp, Kiwi Foo Camp, and the Microsoft Web Dev Summit.

When not in front of a computer, I can usually be found playing soccer in Prospect Park or riding my single-speed bicycle around Brooklyn.

Comments on this page are now closed.


Shirley Bailes
07/20/2010 1:45am PDT

@Ravi, we’ll post them here once we get them from the speaker. Thanks!

Ravi Surayapalem
07/20/2010 1:32am PDT

I missed this one... any PPT or PDF to see what was discussed?
