Richard Johnson - PHP is evil (Defensive programming)
PHP is a great little language, but it's had a troubled upbringing. While many languages have been conceptually thought through, designed with a consistent API and the benefit of large amounts of corporate backing; PHP was instead born from one geek's desire to quickly make dynamic web pages, tapping into underlying C libraries where needed and being grafted awkwardly into web servers. This makes the language incredibly accessible, fast to learn and work with, however there are huge skeletons in the closet. Without proper care and attention, these skeletons can suddenly spring to live and devour everyone you love. This talk will attempt to cover a wide range of web system security considerations including: - Evolution of PHP's security features; - General PHP development best practices; - Considerations when using underlying C libraries; - Fun PHP functions and unexpected results; - Cool "features" in browsers; - LAMP stack design and configuration for security; - Common mistakes and gotcha's; - Security antipatterns and fallacies; - How to review code and think securely. Won't somebody please think of the children... Slides: https://speakerdeck.com/rjohnsondev/php-is-evil-and-wants-to-eat-your-babies