As security breaches move from attacks on the operating system to attacks at the application level, a web application firewall (WAF) is becoming an indispensable tool in the arsenal of security-conscious website operators and hosts. Tools like ModSecurity provide knowledgeable website and network admins with useful WAF-like capabilities, but what if you are writing an application for large-scale deployment where the install environment is unknown? Integrating WAF-like capabilities directly into your PHP application can provide an additional layer of security that can be difficult for even skilled admins to replicate using other methods. With a simple include and a few lines of code, your application can stop a variety of attacks before any potentially sensitive code is executed or a database connection is even made. This presentation will provide you with a skeleton security framework and introduce you to a way to give website owners insight into potential attacks as well as into their authorized users' experience.