Created June 5, 2016 20:46
Securing your Web Services (half day)
Title: Securing your Web Services (half day)
Level: All
Duration: Half day (3.5 hours)
Description:
Knowing how to secure your web SITE does not translate into knowing how to
secure your web SERVICE. This three-part teaching session provides you skills
needed for securing your own RESTful web services in PHP:
1. What is different about web services, and why site protections such as
CAPTCHA are useless.
2. Attacks have changed my thinking about Authentication and Authorization.
I share what I've learned, and show a security architecture that has
done well at preventing future attacks.
3. Using encryption in PHP seems simple, but it's remarkably difficult to
get right. I cover two fundamental concepts: obtaining randomness, and
encrypting/decrypting a string with cryptographic checksum.
I include an extensive curated PHP security reading list with explanations.
NOTE: I AM ALSO PROPOSING THIS MATERIAL AS THREE SEPARATE 50-MINUTE TALKS.
Additional Information:
1. These talks are based on my 3-part series in php[architect] magazine for
May, June, and July 2016 https://www.phparch.com/magazine/ - you can read
the May article for free.
2. Platform experience: I am a new PHP speaker. However, I used to teach Cray
Supercomputer operating system internals (assembly and octal) as Senior
Instructor for Cray Research Software Training.
3. Twitter: @ewbarnard
To whomever reviews this gist: My sincere thanks.
I include an extensive curated PHP security reading list with explanations.
Remove this, not necessary for the purposes of the abstract.
provides you skills
I'd reword this as "provides you with skills," as the original may read oddly to American audiences.
I know a lot of web application security talks tend to talk about OWASP (CSRF, XSS, SQL injection, etc.). If you're not covering these things, maybe that's what's different about web services? Maybe you want to mention that as a contrasting point in the description, just to set up expectations.
web SITE = website
web SERVICE = web service
teaching session = just "session" is fine imho
Overall OK though. :)