With the start of May (2010) we've seen the start of the Hardened-PHP group's "Month of PHP Security" project, an effort to bring more security to PHP and the applications running on it by showing problems with their security.
We welcome you to the Month of PHP Security 2010. This initiative continues the effort of Hardened-PHP's Month of PHP Bugs from 2007 to improve the security of PHP and the PHP ecosystem. During the Month of May 2010 we will post every day at least one new vulnerability in PHP and one new vulnerability in a PHP application. In addition to that, every other day we will post an article about a PHP security topic or a new PHP security tool. Among these articles and tools are those that were submitted to us during the Month of PHP Security CFP.
Six new issues and one article have already been posted as a part of the month's activity:
- MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability
- MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability
- MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability
- MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability
- MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability
- An article on PHP Web Security
- The submission of a tool to help with application security - ESAPI for PHP