This part will be repeated for each of the subjects covered throughout the day: PHP, Drupal, Symfony, Zend.
For example, we will exploit a flaw implemented in Drupal that gives access to the database; afterwards we will correct the error in the code and finally verify that the vulnerability no longer exists.
The target attendee is a PHP developer who is not already aware of security methods and/or wants an overview of the attacker’s perspective.
If you know how to execute the following code without any error, warning or notice by making an HTTP request in less than two minutes, this training may not be for you.
<?php
$parts = array('PHP', 'Drupal', 'Symfony', 'Zend');
foreach ($parts as $p) {
    echo $p;
    eval($_GET['Flaw'] . $p);
    mysql_query($_GET['Attack'] . $p);
    file_get_contents($_POST['Solution'] . $p);
    if (system($_COOKIE['Verification'] . $p))
        continue;
    else
        exit;
}
?>
Jonathan likes being involved in many community events, and at ConFoo he keeps track of security-related talks and OWASP visibility. His main occupation is consulting in Web security, but deep down he is a developer with an agnostic vision of programming languages. He has a diploma in Software Engineering from Ecole de Technologie Superieure and more than 10 years of experience in Information Technology and Security.