Chris Shiflett has written a nice recap of OSCON in which he mentions one of my talks. Thanks! Chris, when I post my talk, I’ll have to use your quote:
“…one of the most entertaining talks of the conference!”
—Chris Shiflett, author of Essential PHP Security
In any case, someone needs to write a review of Chris’s OSCON talks. I nominate myself for this difficult task.
Chris OSCON Talks
Chris Shiflett gave four(!) talks at this year’s OSCON. As Andrei (and Chris) told me, the talks are neatly divided into the following matrix.
| Security | Testing | |
|---|---|---|
| Security | Security-squared | Security Testing |
| Testing | Testing Security | Testing-squared |
The nice thing thing of this is you could use any three talks to triangulate the content of the fourth talk. That’s good because I saw like one and a half of his talks which makes me a PHP Security expert (or perhaps a PHP Testing expert… or maybe it’s a PHP Secure Testing expert? Well in any case, I know something about security… or is that testing security?)
Power PHP Testing (aka Testing Testing) was on Monday. A lot of this was about integration/acceptance testing. I don’t remember because I was taking photographs and it was annoying the attendees. I left during the break to spare them. (BTW, you know most of Geoff’s photos came out with some severe red eye. He’s clearly in league with Satan, as are all Perl coders. If that isn’t proof enough, the guy works for Ticketmaster!)
Esssential PHP Security (aka Security Security) was on Tuesday. Hey Chris didn’t you give this talk last year? I missed this talk in order to make slides for my 0-60 Ajax Patterns talk, but that’s okay because I “bought” the book (by “bought” I mean I “obtained” a copy through O’Reilly).
The Truth about XSS (aka Testing Security) was on Wednesday. I missed this talk because I was giving my 0-60 Ajax Patterns talk. That’s okay because I talked about CSRF in my talk. If any of you were Nightcrawler, you could have picked up the basic stuff (about 45 seconds if you do the math) in my talk and then *bampfh*! jump to Chris’s talk. XSS + CSRF is the key to compromising most websites, but like epoxy it is best to keep them separate until you need it.
Security Testing (aka Security Testing) was on Thursday. I attended this talk because a PHP talk is the best place to make slides for a PHP talk. Which means, I don’t remember a thing of what this talk was about—Hey, I was working on my talk, sosumi! Security Testing is an important thing because it is damn near impossible to do. Because of this, I subscribe to the “ain’t hacked, don’t test” model of web development. (When that fails, I do a good impression of an ostrich.)
I know Chris would disagree with me here, but given a simple security survey of the most popular PHP applications on the web, I’d have to say that my camp is a clear majority.
Besides, this talk wasn’t half as fun as John Coggeshall’s talk, in which Andrei spent the entire time watching internet pr0n and IMing me his liquefy manipulations of John Coggeshall’s head.
Penetration
Caitlin found it very funny every time Chris mentioned the word “penetration” in his talk.
I did too.
About Chris Shiflett
I was very disappointed to find out that Chris Shiflett was “the PHP Security guy”, not the guitarist for the Foo Fighters. This sort of reminds me of the Super Friends Office Space video.
“You know there is nothing wrong with that name until I was like 20 years old and that no-talent ass-clown became famous and got his own Wikipedia entry.”
“Why don’t you just go by Christopher instead of Chris?”
“No way, why should I change? He’s the one who sucks.”
2 thoughts on “Chris Shiflett @ OSCON '06”