Securing your Web Services (half day)
Title: Securing your Web Services (half day)
Level: All
Duration: Half day (3.5 hours)
Description:
Knowing how to secure your web SITE does not translate into knowing how to secure your web SERVICE. This three-part teaching session provides you skills needed for securing your own RESTful web services in PHP:
1. What is different about web services, and why site protections such as CAPTCHA are useless.
2. Attacks have changed my thinking about Authentication and Authorization. I share what I've learned, and show a security architecture that has done well at preventing future attacks.
3. Using encryption in PHP seems simple, but it's remarkably difficult to get right. I cover two fundamental concepts: obtaining randomness, and encrypting/decrypting a string with cryptographic checksum.
I include an extensive curated PHP security reading list with explanations.
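As an added illustration of the two concepts named in point 3 (this is example code written for this page, not material from the talk, the articles, or the gist's author): PHP 7's random_bytes() for keys and IVs, and an encrypt-then-MAC construction that ties a cryptographic checksum to the ciphertext so a tampered token is rejected before any decryption is attempted. It assumes the OpenSSL extension is loaded and that the two keys are generated and stored out of band; the message text is constructed for the demo.

```php
<?php
// Added example, not from the gist: authenticated encryption of a string in PHP 7+.
// Assumes the OpenSSL extension; keys come from random_bytes() (OS CSPRNG).
declare(strict_types=1);

const CIPHER = 'aes-256-cbc';
const TAG_LEN = 32; // SHA-256 HMAC output length in bytes

function makeKeys(): array {
    // random_bytes() draws from the OS CSPRNG. rand()/mt_rand()/uniqid() are not
    // suitable for keys, IVs or tokens.
    return ['enc' => random_bytes(32), 'mac' => random_bytes(32)];
}

function sealString(string $plaintext, array $keys): string {
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $iv = random_bytes($ivLen); // fresh IV per message
    $ciphertext = openssl_encrypt($plaintext, CIPHER, $keys['enc'], OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    // The MAC covers IV and ciphertext, so modifying either is detected.
    $tag = hash_hmac('sha256', $iv . $ciphertext, $keys['mac'], true);
    return base64_encode($tag . $iv . $ciphertext);
}

function openString(string $token, array $keys): string {
    $ivLen = openssl_cipher_iv_length(CIPHER);
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) < TAG_LEN + $ivLen) {
        throw new RuntimeException('malformed token');
    }
    $tag = substr($raw, 0, TAG_LEN);
    $iv = substr($raw, TAG_LEN, $ivLen);
    $ciphertext = substr($raw, TAG_LEN + $ivLen);
    $expected = hash_hmac('sha256', $iv . $ciphertext, $keys['mac'], true);
    // hash_equals() is a constant-time comparison; a plain === would leak timing.
    if (!hash_equals($expected, $tag)) {
        throw new RuntimeException('integrity check failed');
    }
    $plaintext = openssl_decrypt($ciphertext, CIPHER, $keys['enc'], OPENSSL_RAW_DATA, $iv);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plaintext;
}

// Demo with a constructed message (hypothetical payload).
$keys = makeKeys();
$token = sealString('account=42;role=user', $keys);
var_dump(openString($token, $keys) === 'account=42;role=user');

// Flip one bit of the ciphertext: the MAC check rejects it before decryption.
$raw = base64_decode($token, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
try {
    openString(base64_encode($raw), $keys);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The separate MAC key and the MAC-before-decrypt order are the two choices that make this construction hold up; if a PHP build exposes the sodium extension, sodium_crypto_secretbox() and sodium_crypto_secretbox_open() give the same guarantees in one call and are the simpler option.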
NOTE: I AM ALSO PROPOSING THIS MATERIAL AS THREE SEPARATE 50-MINUTE TALKS.
Additional Information:
1. These talks are based on my 3-part series in php[architect] magazine for May, June, and July 2016 https://www.phparch.com/magazine/ - you can read the May article for free.
2. Platform experience: I am a new PHP speaker. However, I used to teach Cray Supercomputer operating system internals (assembly and octal) as Senior Instructor for Cray Research Software Training.
3. Twitter: @ewbarnard
To whomever reviews this gist: My sincere thanks.
@khromov
khromov commented Jun 5, 2016

web SITE = website
web SERVICE = web service
teaching session = just "session" is fine imho

Overall OK though. :)

@elazar
elazar commented Jun 6, 2016

I include an extensive curated PHP security reading list with explanations.

Remove this, not necessary for the purposes of the abstract.

provides you skills

I'd reword this as "provides you with skills," as the original may read oddly to American audiences.

@ramsey
ramsey commented Jun 6, 2016

I know a lot of web application security talks tend to talk about OWASP (CSRF, XSS, SQL injection, etc.). If you're not covering these things, maybe that's what's different about web services? Maybe you want to mention that as a contrasting point in the description, just to set up expectations.