NYCPHP Meetup

NYPHP.org

[nycphp-announce] TONIGHT at nyphp: Preventing SQL Injection with PHP

noreply at nyphp.org noreply at nyphp.org
Tue Jun 7 12:12:12 EDT 2011


Special Event:
Preventing SQL Injection with PHP
Proper escaping with mysql, mysqli and PDO
------------------------------------------

         Date: Tuesday, June 7th, 2011 at 6:30PM (sharp)
     Location: Suspenders Restaurant, 111 Broadway (backroom, ask hostess)
RSVP Required: http://www.nyphp.org/RSVP/188 (all attendees MUST RSVP)

In the first game of NYPHP's doubleheader June, we welcome OWASP member and
ZCE Anthony Ferrara to speak on the subtle - yet vital - topic of SQL
escaping and it's evil cousin, SQL injection. Learn the inescapable
ins-and-outs of proper escaping, including when mysql_escape_string() is not
enough - plus an exclusive first look at a new attack vector, seen first
only at NYPHP.

OWASP (Open Web Application Security Project) lists SQL Injection as the #1
vulnerability risk to web based applications today. In fact, it's estimated
that as many as half a million attempted exploites are performed each and
every single day. In this talk, we will take a look at SQL Injection with
PHP and MySQL, and how to successfully prevent it. We'll look at and
demonstrate some known attack vectors. I will also demonstrate a brand new
attack vector that's never been seen before, and show how to mitigate it. We
will look at the tools that are available to mitigate attacks, and if the
tools actually work or not. We'll also take a look at what can be done by
both PHP and MySQL to help combat injections from the core.

Anthony Ferrara is a professional PHP developer and Systems Engineer, Zend
Certified Engineer and OWASP member. He is a contributor to multiple Open
Source projects as well as the community as a whole. He is also a former
Core Team Member and Development Coordinator for the Joomla! project, as
well as a former leader of its Security team. You can follow his blog at
blog.ircmaxell.com or on Twitter at @ircmaxell.

We have reserved a private backroom at a restaurant, with an LCD, free
wireless, and seating for about 40 people.

Read the full description and RSVP at http://www.nyphp.org/

As a service to our community, New York PHP Community meetings are always
free and open to the public.

         Date: Tuesday, June 7th, 2011 at 6:30PM (sharp)
     Location: Suspenders Restaurant, 111 Broadway (backroom, ask hostess)
RSVP Required: http://www.nyphp.org/RSVP/188 (all attendees MUST RSVP)

You must RSVP within 30 days of the meeting you attend - that means RSVP
now!

---
New York PHP
http://www.nyphp.org/





More information about the announce mailing list