
PHP is Evil - Defensive Programming

Offered By: PHP UK Conference via YouTube

Tags

PHP UK Conference Courses, PHP Courses, Defensive Programming Courses

Course Description

Overview

Explore the dark side of PHP in this 35-minute conference talk from PHP UK Conference 2013. Delve into the language's troubled upbringing and potential security pitfalls. Learn about PHP's evolution, best development practices, and security considerations when working with C libraries. Discover unexpected function behaviors, browser quirks, and LAMP stack security configurations. Identify common mistakes, security antipatterns, and fallacies. Gain insights on code review techniques and developing a security-focused mindset. Cover topics such as string escaping, input cleaning, and securing PHP applications. Examine a real-world case study demonstrating target discovery and exploitation. Walk away with practical knowledge on defensive programming and strategies to mitigate PHP's potential vulnerabilities.

Syllabus

Intro
Welcome!
What we are going to talk about today...
for example
Some things to avoid...
String Escaping
Correct way to escape
Input Cleaning
Random cool IE hack...
More Strings!!!!
Affected Functions?
Securing around PHP
Case Study
Target & Discovery
Step 2: Exploit!
Find the password!
Some easy ways this could have been avoided
Wrapping up...


Taught by

PHP UK Conference
