This part will be iterative over all the subjects throughout the day. PHP, Drupal, Symfony, Zend:
For example, we will exploit a flaw implemented in Drupal that will gives access to the database and afterwards we will correct the error in the code, in order to finally verify that the vulnerability doesn’t exist anymore.
The target attendee is a PHP developer that is not already aware of security methods and/or wants to have an overview of the attacker’s perspective.
If you know how to execute the following code without any error, warning or notice by doing an HTTP request in less than two minutes, this formation may not be for you.
<?php $parts = array('PHP', 'Drupal', 'Symfony', 'Zend'); foreach ($parts as $p) { echo $p; eval($_GET['Flaw'] . $p); mysql_query($_GET['Attack'] . $p); file_get_contents($_POST['Solution'] . $p); if (system($_COOKIE['Verification'] . $p)) continue; else exit; } ?>
JM International
Jonathan is an Application Security Consultant that has published on the topic of threat modeling and is involved in NorthSec, a security event in Montreal. He is passionate about Application Security and enjoys architecture analysis, code review, cloud security and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has 20 years of experience in Information Technology and Security.