Accepted Tutorials

Developing extensions with security in mind


Henning Pingel


Information Disclosure? Forced browsing? File location guessing? Open
Redirects? Authentication Bypassing? SQL Injections? Cross Site
Scripting (XSS)? Path traversal? Cross Site Request Forgery? CRLF
Injections? Local File Execution? Remote File Execution???

Are you familiar with most of these unpleasant terms? No? But you are an
extension developer and want to extend your security knowledge? Great:
Let's learn more about this subject. With a little insight and awareness,
it's quite easy to keep an eye on security and close the most common and
most dangerous backdoors.

During this half-day tutorial we will try to understand different
vulnerability types and realize how important it is to keep your own
extension's PHP code secure. We will also analyze and try to improve the
source code of vulnerable TYPO3 extension versions, some of them being
real extensions, others only created for this tutorial for learning

Bring your laptop!

Author's Description

Henning Pingel is Vice Team Leader of the TYPO3 Security Team. Since he joined the team in early 2007, he has helped fix all kinds of security holes that were reported in TYPO3 extensions and the core. He has also found quite a few of these issues himself. Henning has used TYPO3 since 2003.
