Marco Tabini's Blog:
Security-related bugs are good. No, really!
February 03, 2006 @ 06:36:09

In his latest entry, Marco Tabini talks about some of the security issues surrounding PHP that have been going around lately, and his take on the situation.

If you happen to keep a tab on the various posts in the community, you have undoubtedly noted a variety of opinions on the subject - I think that security doesn't belong in the language, Chris has made his point clear and Harry sort-of responded to both of us.

As a community, we are all tasked with ensuring that PHP becomes a better product. And by "community" I really mean everyone - individuals, OSS groups and commercial entities. I think that finally, after so many false starts, we are beginning to do a good job of it, too.

The post continues, talking more about the ever-growing trend towards PHP5 and a push towards applications written with it that have better security and fewer issues overall...



Chris Shiflett's Blog:
Pro PHP Podcast
January 19, 2006 @ 06:38:32

Chris Shiflett has this post today about the partnership between php|architect and the Pro PHP Podcast.

You've probably heard the good news about the Pro PHP Podcast. The guys behind the show (Marcus Whitney and Chris Cornutt) are joining forces with php|architect in what should be a good thing for all of us.

So, I was very happy to hear about the partnership with php|architect, because I know this will let Marcus focus on the show. There are also regular newscasts planned, and Chris is asking, "What do you want out of your news?"

Always good to see community support behind a project...and remember, the first show of this new partnership is happening January 27th, an interview with Andi Gutmans that will be broadcast live. Click here to sign up...



Chris Shiflett's Blog:
2005 Highlights
January 13, 2006 @ 06:45:52

Chris Shiflett has posted this new item on his blog today with his look back at his year in 2005 - both personal and community related.

In the tradition of my 2003 and 2004 highlights, I'm posting my personal highlights of 2005. As in years past, this is mainly for my own benefit. I hope everyone has a wonderful 2006.

Some of the more memorable things on his list include:

Overall, a great year...he also includes some of the things that he'd like to do in the next year as well (speak at fewer conferences, contribute more to open source, etc).



Chris Shiflett's Blog:
Essential PHP Security - Forms and URLs
December 22, 2005 @ 11:00:47

Chris Shiflett has a new post on his blog today that points to a sample chapter of his book, "Essential PHP Security", that's been posted over on MySQL's Developer Zone.

The sample chapter of Essential PHP Security for MySQL's Developer Zone is now available: Chapter 2, Forms and URLs.

This chapter discusses form processing and the most common types of attacks that you need to be aware of when dealing with data from forms and URLs. You will learn about attacks such as cross-site scripting (XSS) and cross-site request forgeries (CSRF), as well as how to spoof forms and raw HTTP requests manually. By the end of the chapter, you will not only see examples of these attacks, but also what practices you can employ to help prevent them.

If you haven't gotten a chance to check out the book, you definitely should. It's received great reviews from people all over the community and, though smaller, contains a lion's share of information about PHP security matters...



Chris Shiflett's Blog:
Google XSS and Evil Character Encoding
December 22, 2005 @ 06:19:39

On his blog today, Chris Shiflett has two posts about a problem with Google and a Cross-site Scripting attack that it's vulnerable to.

From this post: The recent cross-site scripting (XSS) vulnerability discovered in Google perfectly illustrates why character encoding matters. This example demonstrates how to use PHP's htmlentities() with the optional third argument that indicates the character encoding.

By way of demonstration, he provides a little PHP script that makes a request in a different character encoding than Google handled. Coupled with the small response from Google, a UTF-7 encoded payload could be interpreted as markup and executed by certain browsers.

In this second post, he answers a question from the comments - "how will this affect my site?"

Rather than offer another vague answer, I decided to provide a very simple proof of concept that demonstrates how character encoding inconsistencies can bite you. Google's vulnerability has of course been fixed, but with a simple PHP script, we can reproduce the situation.

The script, though it escapes the input, still causes a JavaScript popup box to show when the page is loaded - all due to improper character encoding handling: the escaping and the browser do not agree on which encoding the output is in...
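As an added illustration (not code from Chris's post or from this page), here is the weak pattern beside the hardened one: the response charset and the charset given to htmlentities() must match. The query parameter name "q" and the surrounding markup are assumed for the example.

```php
<?php
// Added example, not code from the post. Assumes the untrusted value
// arrives as the query parameter "q" (constructed for illustration).
$input = $_GET['q'] ?? '';

// Weak: the response never declares a charset and htmlentities() is not
// told one either. A browser left to guess the encoding can decode the
// same bytes differently than the escaper did, which is exactly the
// inconsistency the post describes.
function render_weak(string $s): string
{
    return '<p>You searched for: ' . htmlentities($s) . '</p>';
}

// Hardened: declare one charset in the markup (and, below, in the HTTP
// header) and pass that same charset to htmlentities(), so the escaper
// and the browser agree on how every byte is interpreted.
function render_hardened(string $s): string
{
    return '<!DOCTYPE html><html><head><meta charset="UTF-8"></head><body>'
         . '<p>You searched for: ' . htmlentities($s, ENT_QUOTES, 'UTF-8') . '</p>'
         . '</body></html>';
}

// The header and the <meta> tag state the same charset as the escaper.
header('Content-Type: text/html; charset=UTF-8');
echo render_hardened($input);
```

The check to carry into your own code is that all three places (HTTP header, markup declaration, escaping call) name the same encoding.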



John Cox's Blog:
Security Blunders
December 21, 2005 @ 07:08:07

In his latest post today, John Cox takes a look at one of the latest posts from the SitePoint PHP blog - the Top 7 PHP Security Blunders.

This morning I read the Top 7 PHP Security Blunders which contained (at least in my mind) a few questionable comments about PHP security. Luckily for the early readers of the article, there was a very long comment, a very nice critique of the article which also corrects a few obvious mistakes within the article itself.

The comments have now been pushed off the main article to the forum (which is a shame), but as a developer, you would be doing yourself a disservice by not also taking the time to read the counter-point. They are insightful without being inflammatory.

The comments by Chris that he makes reference to can be found here in the SitePoint forums...



CodeSnipers.com:
Interview with Chris Shiflett
December 15, 2005 @ 06:45:45

From CodeSnipers.com today, there's this new post with an interview with the author of Essential PHP Security, Chris Shiflett.

This is the third in a series of interviews we're making available to the CodeSnipers community. We have been working to track down people who we thought had something valuable to say about the software development community, tools, practices, or direction. Some of the names you will recognize immediately, others you've probably never heard of, but all of them have made an impact in one way or another. Without further delay... we have Chris Shiflett author of Essential PHP Security.

As Chris notes in his blog entry, they talk about everything - from his book to his involvement in the PHP community...



Chris Shiflett's Blog:
PHPSecurity.org Launches
December 07, 2005 @ 07:03:43

In an effort to help increase the security awareness (more than he already has), Chris Shiflett has created a companion site for his O'Reilly book "Essential PHP Security" - PHPSecurity.org.

PHPSecurity.org, the companion web site for my new book, Essential PHP Security, is now online. Many thanks to Amy Hoy for the excellent design!

I've included the table of contents, the (unfortunate) errata, some reviews, and the code repository.

He also notes that, while there are partial examples in the book, there is no complete example that could be used to do anything malicious (the parts are there, obviously, but just not in one place). Overall, though, he says that the book has been doing well and has gotten a very warm reception from the community - hence the expansion out to the new site...



Davey Shafik's Blog:
Review - Essential PHP Security by Chris Shiflett
November 14, 2005 @ 06:11:34

On his blog today, Davey Shafik has this review of Chris Shiflett's Essential PHP Security guide from O'Reilly.

I was fortunate enough to receive a copy of Chris Shiflett's book, Essential PHP Security published by O'Reilly.

Chris does an excellent job dissecting and explaining each of the 8 major security topics he covers in his book, first outlining what exactly the problem is, how easy it is to fall into the trap of making your code vulnerable to it, and how it is generally exploited. He then goes on to tell you how you can be sure that you are not vulnerable in the future.

He also notes that the "Essential" in the name is quite appropriate, and that if you purchase one PHP security book, make this the one...




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework