Large-scale attacks against unprotected web applications are now happening on
an almost daily basis. Developers find it hard to protect against them, since
too many attack patterns exist to be fully aware of all of them, and balancing
usability against security in the age of Web 2.x has never been harder. What is
needed are tools that make it easier to add security to a web application and,
at the same time, let the developer learn what attacks are being fired against
his site, by whom, and how. The talk introduces the PHPIDS as a system of this
kind, but mainly focuses on how the PHPIDS uses generic attack detection to
distinguish between normal user input and maliciously crafted strings.
Speaker
.mario works as a developer and CSO for ormigo.com, a Cologne-based
performance marketing startup. He maintains several projects such as the
PHPIDS [php-ids.org], the CSRFx [code.google.com/p/csrfx/] and the small
series of tools running under the h4k.in domain, like the PCE [h4k.in/encoding].