Put Down the Superglobals! Secure PHP Development with Inspekt



Inspekt is a filtering and validation library for PHP. With a focus on ease of use, Inspekt makes writing secure PHP applications faster and easier. This talk covers the Inspekt library and the "input cage" concept, best practices when utilizing the library, and how to integrate Inspekt with existing applications and popular frameworks.


Inspekt is a comprehensive input filtering and validation library for PHP. With a focus on simplicity, Inspekt makes writing secure web applications in PHP faster and easier.

Attendees of this talk will learn:

  • the Inspekt approach to filtering and validating user input, including the “input cage” concept
  • how to ensure secure code throughout the development process
  • how to integrate Inspekt with existing applications
  • how Inspekt integrates with popular frameworks like the Zend Framework and CodeIgniter

Development of Inspekt is funded by OWASP’s Spring of Code 2007.

More information: http://inspekt.org and http://owasp.org



  • Edward Finkler

    Funkatron Productions


    With over 15 years of passionate web development experience and open source advocacy, Ed Finkler loves empowering people through technology. He’s excited about creating things and sharing them with the world.

    He served as web lead and security researcher at The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University for 9 years. More recently, he has been helping startup teams build exciting e-commerce, social sharing, and mapping systems. He’s a proud member of the Fictive Kin team, working on Done Not Done, Gimme Bar, and lots of other cool stuff.

    Ed spends much of his free time creating and working on open source projects such as Spaz, a long-running, award-winning microblogging client. Ed also created PHP libraries like FUnit, Resty.php, PHPSecInfo, and Inspekt.