PHP Hurts Programmers (and other tales)

Find out some of the sneaky ways the web’s favourite language-to-hate can give unsuspecting users just enough rope to hang themselves with. Take a slightly deeper dive into a few real-world bugs, and see how to (hopefully) avoid them in your own code.

Links from the end:

PHP The Right Way -
PHP: A fractal of bad design
WordPress vulnerability discussed:
Simple Machine Forums vulnerability discussed:
ExpressionEngine vulnerability
OWASP Resources
Both of these are “work in progress” / drafts
PHP Configuration Checker (php.ini)
All about shell escaping & php
List of static analysis tools for PHP
Gary Bernhardt’s “WAT” talk


Keith Humm

March 29, 2017