Main Topic: LAMP -Fu: Securing LAMP Websites
"Grasshopper, snatch the Packet from my LAN..."
Fresh from DEFCON 13, Solomon Chang will lead us in attacking an insecure LAMP site, then show how to harden the site against the bad guys.
Although security itself spans a broad range of topics, this presentation will focus on the four most common LAMP vulnerabilities:
- SQL Injection
- Cross Site Scripting (XSS)
- XML Injection
- PHP Register Globals Exploits
Solomon will distribute a highly vulnerable mock website and database, and you will learn to conduct these attacks yourself on your own computer (so if you own a LAMP-enabled portable, please bring it). Then you will learn to secure your site against these attacks. It is essential to fully learn methods used by a hacker... excuse me, cracker, to safeguard against his attacks.
Solomon Chang is a member of SVGLUG as well as one of the core leaders of LAMPsig. He has developed LAMP Websites for both sides of the Force. Like all good security consultants, he keeps up with the latest exploits in order to protect against them. His laptop has a bumper sticker reading "My Other Computer is Your Linux Machine."
Opening Topic: Table-driven Programming for Taking Money from People via the Web - David Benjamin
Forms with lots of fields can be tedious to author. Having to then program those fields for a financial transaction, again for database insertion, again for reporting, again for an in-house administrative GUI, and again for reading from the database to place a new charge can be tedious to the extreme.
Table-driven programming comes to the rescue. By defining attributes of each field in a data table, a much smaller program can build the needed HTML and transactions. David will show Table-driven Programming with the example of an Authorize.Net component for web form, database, and re-billing. Of course, this component includes the "Pandora" technology described last month.
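To make the idea concrete, here is an added PHP sketch (not David's Authorize.Net component) in which one field table drives the HTML form, the server-side validation and a parameterized INSERT; the table name, column names and the PDO handle are assumed, and PHP 7.4+ is required for the arrow function.

```php
<?php
// Added example: a single field table drives HTML generation, validation and
// database insertion. Assumed: a table "donations" with these columns and a PDO $pdo.
$fields = [
    'name'   => ['label' => 'Name',         'type' => 'text',   'max' => 60,  'required' => true],
    'email'  => ['label' => 'Email',        'type' => 'email',  'max' => 120, 'required' => true],
    'amount' => ['label' => 'Amount (USD)', 'type' => 'number', 'max' => 10,  'required' => true,
                 'pattern' => '/^\d{1,7}(\.\d{2})?$/'],
    'note'   => ['label' => 'Note',         'type' => 'text',   'max' => 200, 'required' => false],
];

// Build the form from the table. Every label, name and value is escaped, so a
// stored or reflected value can never become markup (cross-site scripting).
function renderForm(array $fields, array $values = []): string {
    $html = '';
    foreach ($fields as $name => $f) {
        $esc = fn($s) => htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
        $html .= sprintf("<label>%s <input name=\"%s\" type=\"%s\" maxlength=\"%d\"%s value=\"%s\"></label>\n",
            $esc($f['label']), $esc($name), $esc($f['type']), $f['max'],
            $f['required'] ? ' required' : '', $esc($values[$name] ?? ''));
    }
    return $html;
}

// Validate a submission against the same table; returns [clean values, errors].
// Unknown POST keys are ignored, so stray or injected parameters never reach the database.
function validate(array $fields, array $input): array {
    $clean = []; $errors = [];
    foreach ($fields as $name => $f) {
        $val = trim((string)($input[$name] ?? ''));
        if ($val === '' && $f['required'])     { $errors[$name] = 'required';   continue; }
        if (strlen($val) > $f['max'])           { $errors[$name] = 'too long';   continue; }
        if ($f['type'] === 'email' && $val !== '' && !filter_var($val, FILTER_VALIDATE_EMAIL)) {
            $errors[$name] = 'bad email'; continue;
        }
        if (isset($f['pattern']) && $val !== '' && !preg_match($f['pattern'], $val)) {
            $errors[$name] = 'bad format'; continue;
        }
        $clean[$name] = $val;
    }
    return [$clean, $errors];
}

// Column names come from the table's keys (program data, never user input) and
// every value is a bound parameter, so a quote in "note" cannot alter the SQL.
function insertRow(PDO $pdo, string $table, array $fields, array $clean): bool {
    $cols = array_keys($fields);
    $sql  = sprintf('INSERT INTO %s (%s) VALUES (%s)', $table,
        implode(', ', $cols), implode(', ', array_map(fn($c) => ":$c", $cols)));
    $stmt = $pdo->prepare($sql);
    foreach ($cols as $c) { $stmt->bindValue(":$c", $clean[$c] ?? null); }
    return $stmt->execute();
}
```

Adding a column to the site then means adding one row to `$fields`; the form, the checks and the INSERT follow from it.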
David has an extensive programming background in Java and other languages. He is currently developing a LAMP site where sensitive information must be kept secure yet accessible.