Archive for the ‘PHP’ Category
Sunday, May 2nd, 2010
In case you haven't noticed it through the other channels already...
The Month of PHP Security 2010 has finally begun.
During the Month of May 2010 we (SektionEins) will post every day at least one new vulnerabilities in PHP and one new vulnerability in a PHP applications. In addition to ...
Posted in PHP, Security | No Comments »
Monday, April 19th, 2010
At SyScan'10 Singapore I will give a two day workshop about "Advanced PHP Auditing at Source and Bytecode Level".
This course will teach students advanced methods and techniques for PHP application audits at source code and at bytecode level. The students will get to know the most common PHP security problems ...
Posted in PHP, Security | No Comments »
Friday, April 9th, 2010
The Month of PHP Security committee has decided to extend the CFP deadline from April 11, 2010 to April 18, 2010. The reason for that is very simple: so far we only got a few submissions from the PHP community and the security community. Even fewer submissions than we have ...
Posted in PHP, Security | No Comments »
Friday, April 9th, 2010
During the Month of PHP Security there will be a Zend Webinar about "Secure Application Development with the Zend Framework" by me. While this webinar is not directly connected to the MOPS and the time (5th of May) is just a coincident it fits nicely into the whole MOPS idea. ...
Posted in PHP, Security | 4 Comments »
Sunday, March 14th, 2010
Hier einmal ein Announcement in letzter Minute: in zwei Tagen halte ich für Zend ein Webinar über "Sichere Applikationen auf Basis des Zend Frameworks".
Immer mehr PHP-Entwickler setzen das Zend Framework bei der Programmierung neuer Applikationen ein. Für die Entwicklung bringt dies einige Veränderungen mit sich, da mehr ...
Posted in PHP, Security | 1 Comment »
Friday, March 5th, 2010
Together with the release of PHP 5.3.2 by the PHP team I have released Suhosin-Patch 0.9.9.1 which comes with bugfixes and new features. The changes are:
fixed some crashbugs for IA64 architecture
check return value of mprotect() to ensure that memory is read only - credits: PAX Team
fixed mprotect() call - encrypted ...
Posted in PHP, Security | 5 Comments »
Friday, March 5th, 2010
While going through the HTTP_REFERER log of the Month of PHP Security website I realised that there are more incoming refers from various blog posts about it than there are submissions to drawing@php-security.org. Like I previously announced we will honor 10 blog postings with 25 EUR amazon coupons. The winners ...
Posted in PHP, Security | 2 Comments »
Saturday, February 27th, 2010
Two days ago I installed a mail client on my reinstalled desktop system that was not doing anything for 2 month and checked mails of the hardened-php account that were not checked for 2 months. Usually noone uses this email account to contact me, but the Suhosin bug reports sometimes ...
Posted in PHP, Security | 40 Comments »
Saturday, February 27th, 2010
I previously blogged a sneak preview of the Month of PHP Security which is a new initiative to improve security in the PHP ecosystem. Today the call for papers was released. Everyone from the PHP and security community is invited to produce quality articles/advisories about PHP security topics/bugs and submit ...
Posted in PHP, Security | 3 Comments »
Friday, February 19th, 2010
Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three ...
Posted in PHP, Security | 10 Comments »