Put Down the Superglobals! Secure PHP Development with Inspekt
Inspekt is a filtering and validation library for PHP. With a focus on ease of use, Inspekt makes writing secure PHP applications faster and easier. This talk covers the Inspekt library and the "input cage" concept, best practices when utilizing the library, and how to integrate Inspekt with existing applications and popular frameworks.
Inspekt is a comprehensive input filtering and validation library for PHP. With a focus on simplicity, Inspekt makes writing secure web applications in PHP faster and easier.
Attendees of this talk will learn:
- The Inspekt approach to filtering and validating user input, including the “input cage” concept
- how to ensure secure code throughout the development process
- how to integrate Inspekt with existing applications
- how Inspekt integrates with popular frameworks like the Zend Framework and CodeIgniter
Development of Inspekt is funded by OWASP’s Spring of Code 2007.
With over 15 years of passionate web development experience and open source advocacy, Ed Finkler loves empowering people through technology. He’s excited about creating things and sharing them with the world.
He served as web lead and security researcher at The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University for 9 years. More recently, he has been helping startup teams build exciting e-commerce, social sharing, and mapping systems. He’s a proud member of the Fictive Kin team, working on Done Not Done, Gimme Bar, and lots of other cool stuff.
Ed spends much of his free time creating and working on open source projects such as Spaz, a long-running, award-winning microblogging client. Ed also created PHP libraries like FUnit, Resty.php, PHPSecInfo, and Inspekt.