Tag Archives: Security

Stefan Esser Finds Holes in Most preg_match() Filters

Stefan Esser posted on his blog today about a problem he has discovered in code that he was auditing recently. The problem he discusses is in the way regular expressions are written and the modifiers that may or may not be applied.

OWASP Spring of Code 2007

Chris Shiflett and Laura Thompson both announced on their blogs that during the lightning talks at last night’s PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007. This ambitious effort will distribute $100,000 to worthy projects.

Do Open Source Devs Get Web App Security? Does Anybody?

A colleague of mine who is dealing with Plone, a CMS system built atop Zope, pointed me to a rather disturbing document in the Plone Documentation system, one that I feel is indicative of a much larger problem in the web app dev community.

PHPSecInfo News

Ed Finkler pinged me this morning about a couple of news items relating to PHPSecInfo. Click on inside, I’ll give you the scoop.

PHP Security From The Inside

Federico Biancuzzi has published an interesting article at securityfocus.com in which he interviews Stefan Esser. Click on inside, let’s talk about this.

PHPSecInfo: New release (0.1.2), new plans

Ed Finkler sent out an email yesterday to thousands of his closest friends, announcing the release of the latest version of PHPSecInfo. If you’re not on his “A” list, click on inside and I’ll share the email with you.