Accepted Tutorials


Your selected paper:

Title 

Developing extensions with security in mind

Authors 

Henning Pingel

Abstract 

Information Disclosure? Forced browsing? File location guessing? Open
Redirects? Authentication Bypassing? SQL Injections? Cross Site
Scripting (XSS)? Path traversal? Cross Site Request Forgery? CRLF
Injections? Local File Execution? Remote File Execution???

Are you familiar with most of these unpleasant terms? No? But you are an
extension developer and want to extend your security knowledge? Great:
Let's learn more on this subject. With a little insight and awareness,
it's quite easy to keep an eye on security and close the most common and
most dangerous backdoors.

During this half-day tutorial we will try to understand different
vulnerability types and realize how important it is to keep your own
extensions' PHP code secure. We will also analyze and try to improve the
source code of vulnerable TYPO3 extension versions, some of them being
real extensions, others created only for this tutorial for learning
purposes.

Bring your laptop!

Target audience 

Developers

Target OS 

All

Time schedule 

Default

Presentation 

Tutorial

Authors Description 

Henning Pingel is Vice Team Leader of the TYPO3 Security Team. Since he joined the team in early 2007, he has helped fix all kinds of security holes that were reported in TYPO3 extensions and the core. He has also found quite a bunch of these issues himself. Henning has used TYPO3 since 2003.
