March 2009: Enterprise Security API for PHP

When?

6.30pm for a 7pm start, Thursday 12th March 2009.

Where?

Hitwise,
580 St Kilda Road,
Melbourne

The main doors are locked after a certain time. There’ll be a notice on the door with a number to call to be let in.

What?

Pizza is provided by one of phpMelb’s sponsors, Hitwise, so get in early if you want food!

Enterprise Security API for PHP by Andrew van der Stock

Andrew van der Stock is the Project Lead for OWASP’s ESAPI for PHP. Learn how the Enterprise Security API can help you protect your PHP applications from the most common security flaws, as well as improve your overall security architecture.

Some of ESAPI’s features include:

  • Object oriented (yes, we use classes and exceptions)
  • Authentication
  • Access Control
  • Access Reference Maps
  • Simplified Security Logging
  • Intrusion Detection
  • Encrypted configuration
  • Input validation
  • Canonicalization
  • Ultra safe output encoding for 10 different encoders (CSS, HTML, JavaScript, JSON, various SQL dialects, Windows and Unix shells, etc.)
  • Safe(r) command shells

As it’s the early days of the PHP port, not all (if any) of these features are available today.

ESAPI for PHP is in dire need of volunteers. If you’re a PHP coder currently itching for a new project, fresh victims^W developers are more than welcome to volunteer to finish^W start this effort.

Impromptu Presentation, Lightning Talks, Discussion Forum

As we only have one talk scheduled for this month, the second half of the meeting will be open to anyone who wishes to give a lightning talk, start a discussion or give a presentation that they feel might be interesting.

Then?

We head over to the Belgian Beer Cafe at about 9pm for drinks and socialising.