So I wasn't able to muster a Drupal Group event for this month. We were planning a PHP Meetup social, but just found out there's a presentation by the Open Web Application Security Project taking place the same night (Tues Feb 19) at Drexel. The topic is developing and deploying secure PHP apps, so the PHP Meetup kids are going to attend that event. Details are below. All are certainly welcome and I'm sure there will be plenty of info useful to Drupal developers as well. And afterwards we'll head over to Mad Mex for some beer and burritos.
Next month, a number of us are heading to Boston for Drupalcon '08. I thought for a local event towards the end of March we could have some of the folks who went talk about what they learned and what they saw that was cool -- really, just a big roundtable discussion kicked off by some of the sessions and lessons from Drupalcon. Still working on a date and location for that.
Anyway I hope to see some of you at the event on Tuesday the 19th, and I know I'll see some of you in Boston!
Nate.
-
- Philadelphia OWASP Patten Auditorium Drexel University -
Come join us in Philadelphia as we discuss web application security
and determine the content for upcoming meetings this year! We are
looking forward to a good year in web application security. At this
meeting we'll discuss what's happening in web application security,
plan our upcoming meetings, and then discuss secure PHP development
and a fun way to spam your printer using JavaScript.
Please RSVP to darian@criticode.com if you plan on attending.
-
-
- HOW-TO: Secure PHP Deployment Patterns -
-
Philadelphia-area application security consultant and Philly OWASP
Chapter Leader Darian Anthony Patrick will present secure PHP
deployment patterns in shared hosting and application-dedicated
deployment environments.
PHP has become one of the most frequently noted development platforms
of vulnerable web applications. This talk will describe best
practices for separation of PHP applications to minimize effect of a
successful penetration, and the hardening and isolation of PHP itself
to mitigate the effect of successful exploitation of problems in the
language implementation.
-
-
- HACK: Cross Site Printing -
-
Philadelphia-area security researcher and Philly OWASP Chapter Leader
Aaron Weaver will be discussing Cross Site Printing, a notable
variation on intranet application exploitation.
Aaron's research has been well received by the web security industry, with
coverage by Robert Hansen aka RSnake of SecTheory and ha.ckers.org,
Jeremiah Grossman of White Hat Security, and has been named number 4
of the Top Ten Web Hacks of 2007 in informal polling conducted by
Jeremiah, and is noted as one of the Coolest Hacks of 2007 by Dark
Reading. You don't want to miss this exciting presentation!
http://en.wikipedia.org/wiki/XSP_(cross_site_printing)
http://ha.ckers.org/blog/20080108/cross-site-printing/
http://jeremiahgrossman.blogspot.com/2008/01/cross-site-printing-printer...
http://jeremiahgrossman.blogspot.com/2008/01/top-ten-web-hacks-of-2007-o...
http://www.darkreading.com/document.asp?doc_id=145319&WT.svl=news1_3
**Also if there are some companies on the list who would like to
sponsor the food, we would definitely welcome it.
Next Meeting:
February 19th 2008, 6:00 PM - 8:00 PM
OWASP Philly Meeting
Patten Auditorium (Room 109)
Matheson Hall
3220 Market St. (32nd and Market Streets) Philadelphia, PA
Special thank you to our location sponsor Chariot Solutions. Chariot
Solutions is organizing the 2008 Emerging Technologies for the
Enterprise conference at Drexel University, March 26-27, 2008.
Speakers include Floyd Marinescu of InfoQ.com, David Brussin of
TurnTide, Obie Fernandez, Yehuda Katz, and many more. You don't want
to miss this exciting event! More information at
http://www.phillyemergingtech.com/.
