Archive for the ‘PHP’ Category

Month of PHP Security 2010 has begun…

Sunday, May 2nd, 2010

In case you haven't noticed it through the other channels already... The Month of PHP Security 2010 has finally begun. During the month of May 2010 we (SektionEins) will post every day at least one new vulnerability in PHP and one new vulnerability in a PHP application. In addition to ...

SyScan-Workshop: Advanced PHP Auditing at Source and Bytecode Level

Monday, April 19th, 2010

At SyScan'10 Singapore I will give a two-day workshop about "Advanced PHP Auditing at Source and Bytecode Level". This course will teach students advanced methods and techniques for PHP application audits at source code and at bytecode level. The students will get to know the most common PHP security problems ...

MOPS CFP: Deadline Extension - April 18, 2010

Friday, April 9th, 2010

The Month of PHP Security committee has decided to extend the CFP deadline from April 11, 2010 to April 18, 2010. The reason for that is very simple: so far we only got a few submissions from the PHP community and the security community. Even fewer submissions than we have ...

MOPS - Zend Webinar: Secure Application Development with the Zend Framework

Friday, April 9th, 2010

During the Month of PHP Security there will be a Zend Webinar about "Secure Application Development with the Zend Framework" by me. While this webinar is not directly connected to the MOPS and the time (5th of May) is just a coincidence, it fits nicely into the whole MOPS idea. ...

Zend Webinar: Secure Applications Based on the Zend Framework

Sunday, March 14th, 2010

Here is a last-minute announcement: in two days I will give a webinar for Zend about "Secure Applications Based on the Zend Framework". More and more PHP developers are using the Zend Framework when programming new applications. For development this brings some changes, as more ...

Suhosin-Patch 0.9.9.1

Friday, March 5th, 2010

Together with the release of PHP 5.3.2 by the PHP team I have released Suhosin-Patch 0.9.9.1 which comes with bugfixes and new features. The changes are: fixed some crashbugs for IA64 architecture; check return value of mprotect() to ensure that memory is read only - credits: PAX Team; fixed mprotect() call - encrypted ...

Month of PHP Security - Blog Post Drawing

Friday, March 5th, 2010

While going through the HTTP_REFERER log of the Month of PHP Security website I realised that there are more incoming referrers from various blog posts about it than there are submissions to drawing@php-security.org. Like I previously announced, we will honor 10 blog postings with 25 EUR Amazon coupons. The winners ...

Patch breaks Suhosin Security Feature in Debian Unstable/Testing

Saturday, February 27th, 2010

Two days ago I installed a mail client on my reinstalled desktop system that was not doing anything for 2 months and checked mails of the hardened-php account that were not checked for 2 months. Usually no one uses this email account to contact me, but the Suhosin bug reports sometimes ...

Month of PHP Security 2010 - CALL FOR PAPERS

Saturday, February 27th, 2010

I previously blogged a sneak preview of the Month of PHP Security which is a new initiative to improve security in the PHP ecosystem. Today the call for papers was released. Everyone from the PHP and security community is invited to produce quality articles/advisories about PHP security topics/bugs and submit ...

Sneak Preview: Month of PHP Security 2010

Friday, February 19th, 2010

Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three ...