PHPDeveloper: PHP News, Views and Community

Subscribe

@phpdeveloper.org

News Archive

Community News: Latest PEAR Releases (03.18.2024)

Community News: Latest PEAR Releases (03.11.2024)

Community News: Latest PECL Releases (03.05.2024)

Community News: Latest PECL Releases (02.27.2024)

Community News: Latest PEAR Releases (02.26.2024)

Community News: Latest PECL Releases (02.20.2024)

Community News: Latest PECL Releases (02.13.2024)

Community News: Latest PEAR Releases (02.12.2024)

Community News: Latest PECL Releases (02.06.2024)

Community News: Latest PECL Releases (01.30.2024)

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Community News:
Month of PHP Security Begins

byChris Cornutt May 04, 2010 @ 17:45:27

With the start of May (2010) we've seen the start of the the Hardened-PHP group's "Month of PHP Security" project, an effort to bring more security to PHP and the applications running on it by showing problems with their security.

We welcome you to the Month of PHP Security 2010. This initiative continues the effort of Hardened-PHP's Month of PHP Bugs from 2007 to improve the security of PHP and the PHP ecosystem. During the Month of May 2010 we will post every day at least one new vulnerabilities in PHP and one new vulnerability in a PHP applications. In addition to that every other day we will post an article about a PHP security topic or a new PHP security tool. Among these articles and tools are those that were submitted to us during the Month of PHP Security CFP.

Six new issues and one article have already been posted as a part of the month's activity:

MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability
MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability
MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability
MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability
MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability
An article on PHP Web Security
The submission of a tool to help woth application security - ESAPI for PHP

Stefan Esser's Blog:
Month of PHP Security 2010 - CALL FOR PAPERS

byChris Cornutt Mar 01, 2010 @ 16:04:48

Stefan Esser has officially announced the Call for Papers for the Month of PHP Security happening in May 2010. The MoPS is an effort to both close security issues with PHP that could cause developers and their applications problems as well as gather information to help developers write better code from the start.

Today the call for papers was released. Everyone from the PHP and security community is invited to produce quality articles/advisories about PHP security topics/bugs and submit them to the CFP committee.

If you're interested in submitting your ideas and articles for the Call for Papers, you'll find complete details on the PHP-Security.org site. A committee of four will be selecting the articles from those submitted. The site also includes a few suggested topics such as: a new vulnerability in PHP, an explanation of a complicated vulnerability, how to stage attacks on encrypted PHP systems or the release of a new open source security tool.

Prizes will be awarded for what the committee sees as the best published material including a first place prize of 1000 Euro, a Syscan ticket and a license for CodeScan PHP all the way down to an Amazon coupon for 65 USD/50 EUR. Submissions should be sent to cfp@php-security.org.

tagged: monthogphpsecurity mops2010 callforpapers

Link: