OWASP AppSec DC 2012/Using PHPIDS to Understand Attacks Trends

The Presentation
Abstract: As described by its author, PHPIDS "is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application." As an open source project it provides web site owners unfamiliar with traditional log analysis an easy way to learn of attacks against their site. This presentation will provide an overview of PHPIDS as well as instructions for incorporating it into your web infrastructure. Specifically, the talk will start with a detailed description of PHPIDS, including its architecture and operational flow. Next, the discussion will turn to the basics of installing, configuring, and testing it for any PHP web application. Finally, the presenter will provide insight into operations and maintenance of PHPIDS from over two years of use, including calibration, signature updates, incident response, and attack trends.

* Introduction
* What Is PHPIDS?
  o Architecture
  o Operational Flow
* Installation
  o Install Code
  o Create Reference File
  o Include Reference File
  o Verify Working
  o Prepare for Production & Test
* Maintenance & Operations
  o Calibrating Installation
  o Updating Signatures
  o Keeping Attackers Away
  o Adding Simple Threshold
* Detection Trends
* Use Within Other Tools
* Conclusion

Bio: Salvador Grec has over 16 years of experience, undergraduate and graduate degrees in Electrical Engineering, and a really well-known security certification. Even though his training was in Electrical Engineering, Sal has always been more of a Computer Science person at heart, going back to his VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for 5 years, he discovered his love of infosec and has been pursuing this career ever since. Currently, he spends his days doing cyber security paperwork drills in building and maintaining multi-billion dollar government systems. At night he runs a local infosec website and tries to get some hands-on skillz.
Note: I am open to other talk formats as well (e.g., Turbo Talk).