Bradley Holt

Yesterday I arrived in Chicago for my first TEK·X PHP conference. After getting in, I had an interesting conversation with Bill Karwin over dinner. Bill is the author of  SQL Antipatterns and is presenting on SQL Injection Myths and Fallacies as well as Models for Hierarchical Data with SQL and PHP here at TEK·X. I was able to pick his brain on a wide range of topics including his thoughts on NoSQL and Object-Relational Mappers (ORMs). I tend to be skeptical of both (although there are certainly uses for both) and I got the sense from our conversation that my skepticism is well founded.

Today was tutorial day, or day zero. This morning I attended Arne Blankerts’ Bad Guy For a Day – A Websecurity hands-on tutorial. I liked that he took a step back and looked at the different types of security such as the transport layer, infrastructure layer, data warehouse, user interface design, user level security, and application level security. He talked about the usual suspects such as cross-site scripting (XSS), session fixation, cross-site request forgery (XSRF), and SQL injection. Filtering input and escaping output was also addressed, of course. He demonstrated attacks on several security holes in an (intentionally) badly written application. Take a look at the slides for more details.

This afternoon I attended Ed Finkler’s JavaScript for PHP Developers talk. Like most PHP developers, I find myself often working with other web technologies such as JavaScript. The object model in JavaScript is very different than in PHP and I found Ed’s explanations of these differences very helpful. The JavaScript core language is often confused with the Document Object Model (DOM) API and a clear explanation of the line between the two was also useful. His slides don’t appear to be posted yet, but I’ll link to them once they are.

One last note: if you happen to be here at TEK·X then be sure to rate the sessions on joind.in. The speakers really appreciate the feedback!