Why You're Not Secure: Apache, OpenSSL, and PHP

Andrew Carr Intermediate

PHP 7 has been released and your production environment needs to be upgraded. Apache 2.4 came out 5 years ago, yet you are running Apache 2.2. OpenSSL 1.1.0f is the current GA version, but your servers use OpenSSL 0.9.8. Many companies run outdated software in live environments, leaving them vulnerable to commonly exploitable weaknesses. Based on information gathered working with dozens of companies, it's commonplace to see servers running open source software that is 5, 10, or even 15 years old. A simple Google search for vulnerabilities in these older versions produces exploits and kits that anyone can use to wreck your company's share prices, data, and reputation. Learn how to protect yourself, your team, and your company from these threats.

We'll use some common techniques to upgrade and harden our servers, concentrating on PHP, Apache, and OpenSSL. Hardening the operating system needs to happen as well, but this session focuses on the software. Bringing your coworkers, employers, and colleagues on board with your migration plan will allow you to more easily move from the old to the new. We'll also cover the skills you need to learn, the resources available to assist you, and the methods to accomplish a migration that will result in a secure and robust production environment.