php|tek09: Day #1

Tutorial day at php|tek! The day began with a PHP Breakfast, where I met guys like Matthew Weier O’Phinney and saw the guys from yesterday as well. After that I moved on to registration and got my tek swag on!

The first session I attended was a Security Bootcamp by Christian Wenz (@chwenz), where we analysed some security issues and sample applications, going over some of the basics of PHP security and looking at some of the most active players today, like XSS and CSRF. It was interesting and refreshing, an overall great tutorial for people looking for the light at the end of a security tunnel, or at least to learn what holes to look for in their applications.

After that we had lunch, courtesy of MTACon. And the afternoon was ready for a kick-off with an awesome session, PHP Code Review with Sebastian Bergmann, Arne Blankerts and Stefan Priebsch. This session was an eye opener and loads of fun. Basically we pick up PHP frameworks and apps, like Habari, Magento and such, and look at the code to find the bad, the ugly and the downright outrageous. The kind of stuff we found in some apps was simply amazing, from major security issues in Habari to insanely pointless code in Magento. This session was very interactive and pointed out a whole bunch of things we should avoid on a daily basis.

After the sessions we headed over to get some official and famous Chicago Stuffed Pizza at Giordano’s; it is definitely approved! So dinner with 40 PHPers ended up back in the hotel for some Hockey and Basketball surrounded by PHP talk.

Ready for the first official day of php|tek. By the way… we got some great shirt swag at the conf… bring money! Buy shirts!

Pictures on Flickr: http://www.flickr.com/search/?q=phptek+OR+tek09&m=tags&d=taken-20090515-20090525&ss=2&ct=0&w=all

Update: Seems the security issue is not major, as it occurs only during installation. It is however still a security issue and a violation of the “filter all input” mantra.
