LinuxCon Europe + CloudOpen Europe

Robust web application security involves many layers -- from the operating system, to the web server, to the application code itself. This tutorial will look at most common web vulnerabilities (cross-site scripting, SQL, code and shell injections, cross-site request forgery, session hijacking, session fixation, etc), and offer best-practice advice on avoiding them in your web application. We will then investigate additional security tools available under Linux: SELinux to set up a strict sandbox around your webserver, mod_suPHP and Suhosin to help secure your PHP installations, and ModSecurity to help intercept web attacks before they even get to your application. Basic knowledge of HTTP and Apache is required.