About the Author

Chris Shiflett

Chris Shiflett is an author and speaker who leads the web application security practice at OmniTI.


PHP & Web Application Security Blog

Dec 2008

PHP Advent 2008

Is it December again already? I like good traditions, so with the help of Sean and many others, PHP Advent is back again, this time with its own domain. I would call it a web site, but that might be stretching the truth at the moment. Jon is going to h...

Nov 2008

Facebook Worm

While Sean was visiting the NY office this past week, he noticed a Facebook message from one of his friends that included a suspicious link. When he clicked it, Firefox displayed a Reported Attack Site alert. Clearly, Sean's friend did not intentionall...

Oct 2008

Font Linking

With a gentle prod from Jon, I've been reading about the hot topic of font linking. I have as many questions as answers, but I'm going to try to share what I've learned so far, and I hope you'll join the conversation. Jon provides a good history, and ...

Sep 2008

ZendCon

Another ZendCon has come and gone. I've been cutting back on the number of conferences I attend, but I've been to every ZendCon so far, and I hope to continue the trend for years to come. Along with php|tek, it's one of the best perennial PHP conferenc...

Aug 2008

Inspecting and Hacking HTTP

There are numerous reasons you might want to inspect HTTP when debugging a problem. If you've ever tried to debug problems with sessions, cookies, or redirects, I'm sure you can appreciate how hard it is without taking a close look at what's going on b...

Security 2.0 in Cincinnati

I'll be visiting Cincinnati briefly tomorrow (Thu, 21 Aug 2008) to give my talk entitled Security 2.0 at the local PHP user group, OINK-PUG. Elizabeth Naramore is kindly hosting me, so I'll be able to fraternize after the meeting, which is always the b...

New Comments

Chris Shiflett wrote:

Nope, I moved to Prospect Heights (Brooklyn) about 4 years ago. It's a much nicer neighborhood to...

Posted in PHP Advent 2008
Eric Bryant wrote:

Oh wow. Where do you live now? Are you still in Manhattan?

Posted in PHP Advent 2008
Chris Shiflett wrote:

Hey Eric, thanks for commenting. I used to live on 34th St, directly across the street from the N...

Posted in PHP Advent 2008
Eric Bryant wrote:

Thanks, Chris, for a great blog about PHP. I found your blog on accident, doing some marketing re...

Posted in PHP Advent 2008
david croquet wrote:

I can't use your method to hack this testing site: http://hackme.ntobjectives.com/sql_inject/log...

Posted in addslashes() Versus mysql_real_escape_string()
Gaetan Dekostere wrote:

Success! I just realized I forgot to read out the data from the database and return it... The foll...

Posted in Guru Speak: Storing Sessions in a Database