Archive for August, 2008
Sunday, August 3rd, 2008
I will present a session at this year's Power of Community hacking conference in Seoul about vulnerabilities in closed source PHP applications.
Session: Vulnerability Discovery in Closed Source/Encrypted PHP Applications
Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting ...
Posted in PHP, Security | 1 Comment »
Sunday, August 3rd, 2008
I will present two sessions at this year's International PHP Conference, which has now moved from Frankfurt to Mainz.
Session: Suhosin catching vulnerabilities before they hit you
During the last two years the Suhosin PHP protection system has become a standard component of many PHP installations of various Linux and BSD distributions.
This ...
Posted in PHP, Security | 1 Comment »
Sunday, August 3rd, 2008
I will speak at this year's Zend PHP Conference and Expo about security problems usually missing in talks about PHP security.
Session: Lesser Known Security Problems in PHP Applications
When the security of PHP applications is in focus, usually standard XSS vulnerabilities, SQL Injections, Remote File Inclusions, Header Injections and CSRF are ...
Posted in PHP, Security | 1 Comment »
Friday, August 1st, 2008
When I received the following mail today I was very amused, because the TikiWiki developers seem to have a very obscure idea of how to enhance the security of their product.
In the past you have found some vulnerabilities in Tikiwiki that we
have fixed based on your advice. The Tikiwiki community is ...
Posted in PHP, Security | 15 Comments »