php meetup

Broken Authentication and Session Management

OWASP Top 10 Web Application PHP Security Risks Monthly Series

September 20th, 2011

New York PHP Community, in collaboration with OWASP, is holding a monthly series that reviews each of the OWASP Top Ten Web Security threats.

As we enter the final months of 2011, we welcome back Anthony Ferrara to share his insight and expertise on broken authentication and session management.

The next threat in our series is Broken Authentication and Session Management. We'll look at the common ways that authentication is broken, how to tell if your authentication system is broken, and how to write a secure authentication system. Then we will dive into sessions and how to manage them properly. There will also be a live demonstration of a Bad Web Application that is vulnerable to this class of attacks. Finally, we will walk through a few popular frameworks and see how their offerings stand up against the OWASP security recommendations.

The PHP core provides a lot of functionality out of the box. Come find out if it is secure enough for you to use!

Anthony Ferrara is a Senior Developer at NBC Universal, a Zend Certified Engineer and an OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at or on Twitter at @ircmaxell.

