International PHP Conference 2005 Spring Edition

Sessions - General PHP

Playing Safe

Speaker: Derick Rethans (eZ systems)

This session will deal with multiple ways to work securely with sensitive data. Covered methods to 'secure' information are: using Digest Authentication, and asymmetric encryption for signed and encrypted data. The session will also include tips on when securing data doesn't make sense, why it is important to secure sensitive information and some of the theory that accompanies this subject.

Defending against Users

Speaker: Derick Rethans (eZ systems)

This session teaches you how you can use some of PHP's unknown functionality in the form of SAPI input filters to defend your sites against XSS and SQL injections, and automatically convert your input data to the type that you expect to receive. The filters can be used to create a server-wide policy against invalid user input, but you will also see some fine-grained site-specific filters.

Web Security - Part I

Speaker: Christian Wenz (Hauser & Wenz), Ben Ramsey

No week passes without a new security vulnerability. However, more often it is not a browser, server, or OS that is affected, but a web site. Most often, the same mistakes are made, paired with lazy programmers. This talk seeks to change this and covers securing a PHP-enabled website.

Part I examines programming mistakes, how attackers work, and what measures can be taken to avoid traps.

Web Security - Part II

Speaker: Christian Wenz (Hauser & Wenz), Ben Ramsey

No week passes without a new security vulnerability. However, more often it is not a browser, server, or OS that is affected, but a web site. Most often, the same mistakes are made, paired with lazy programmers. This talk seeks to change this and covers securing a PHP-enabled website.

Part II examines security from the server-side and explores best practices for configuring PHP on the server.

Application-independent PHP security

Speaker: Christopher Kunz (Filoo GmbH)

Enterprise-Grade PHP is in the focus of attention. Unfortunately, it is also more and more targeted by black hats, increasing the risk for server administrators. Rewriting insecure applications to squash bugs is often infeasible, so application-independent security layers must be established. The session will discuss these measures, including mod_security and the Hardened-PHP patch.

PHPUnit - An Introduction to Unit Testing PHP Applications

Speaker: Sebastian Bergmann (eZ systems AS)

PHPUnit supports the development of object-oriented PHP applications using the concepts and methods of Extreme Programming, Test-Driven Development and Design-by-Contract Development by providing an elegant and robust framework for the creation, execution and analysis of Unit Tests.
This session will introduce the audience to the concept of Unit Testing and familiarize it with PHPUnit.

Design challenges of a high traffic PHP website

Speaker: Jeremy Johnstone (Yahoo, Inc.)

As the developer who wrote Hotscripts.com, the leading web script repository on the Internet, I had to overcome many challenges to having a 100% dynamic site with its traffic level. In this talk I will teach others how to optimize site design for speed and ease of adding new features based on my own hybrid MVC pattern. I will also highlight common security concerns and how to overcome them.

PHP in a Whole New World: Desktop Applications Built in PHP-GTK

Speaker: Ben Ramsey (Art & Logic)

For several years, PHP has dominated on the Web, becoming the leading Web scripting language. However, PHP is not only for Web use; it is a general-purpose language that can be used to create desktop applications using GTK extensions. This talk examines some of the more popular applications created using PHP-GTK, as well as providing resources for more information on creating PHP-GTK applications.

Building a Speech Recognizer in PHP

Speaker: Nick Elprin, Lucas Strozek

We describe our experience developing a speech recognizer in PHP. We explain how PHP facilitates development of such complex applications, focusing on features such as high-level functions and graphics integration. We also describe PHP's limitations in the context of a large software project (e.g., poor performance on certain tasks), and how to overcome such limitations. We will perform a demo.

Lies, damn lies and statistics - Making PEAR::Image_Graph work for you

Speaker: Stefan Neufeind (SpeedPartner GmbH)

PEAR::Image_Graph is a flexible and feature-rich graph generation solution. With a brand new PHP5-ready architecture and driver-based backend, Image_Graph offers a wide range of chart types and data types, and currently supports output in JPEG, PNG, SVG, PDF and SWF.