p. Ed Finkler, the author of PHPSecInfo, blogger, and all-around nice guy, has posted his “PHP Application Insecurity Top 20”.
p. PhpSecInfo v0.2.1 is now available. It’s primarily a bugfix release, but a fairly significant one.
p. Stefan Esser posted on his blog today about a problem he discovered in code he was recently auditing. The problem is in how the regular expressions are written, and in which modifiers are, or are not, applied to them.
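The post summarized above does not say which modifiers were involved, so the following is an added illustration of one well-known case of this class of problem, not Esser's code or the code he audited, and the inputs are constructed. In PCRE, `$` also matches just before a trailing newline unless the `D` (dollar-end-only) modifier is set, and `m` makes `^` and `$` match at every line boundary, so the same "anchored" validation pattern accepts different inputs depending on the modifiers:

```php
<?php
// Added example: how PCRE modifiers change what an "anchored" whitelist regex accepts.
// The pattern, the inputs and the validate() helper are all constructed for illustration.

function validate(string $pattern, string $input): bool
{
    // preg_match() returns 1 on match, 0 on no match, false on error.
    return preg_match($pattern, $input) === 1;
}

// Constructed inputs: a clean username, one with a trailing newline,
// and one with a second line after the newline.
$inputs = [
    "alice"       => 'plain username',
    "alice\n"     => 'trailing newline',
    "alice\nevil" => 'newline followed by a second line',
];

// The same character whitelist with different modifiers / end anchors.
$patterns = [
    '/^[a-z0-9_]+$/'  => 'no modifier: $ also matches before a final newline',
    '/^[a-z0-9_]+$/m' => 'm modifier: ^ and $ match at every line boundary',
    '/^[a-z0-9_]+$/D' => 'D modifier: $ matches only at the very end',
    '/^[a-z0-9_]+\z/' => '\z anchor: end of subject regardless of modifiers',
];

foreach ($patterns as $pattern => $note) {
    echo "$pattern  ($note)\n";
    foreach ($inputs as $input => $description) {
        printf("  %-36s %s\n", $description, validate($pattern, $input) ? 'ACCEPTED' : 'rejected');
    }
}
```

Running it shows that only the `D` variant and the `\z` variant reject both newline inputs; the unmodified pattern accepts `"alice\n"`, and the `m` variant accepts `"alice\nevil"` as well, because `$` matches before the first newline. Whichever value is later written to a file, header or database is the one that should have been checked, so prefer `\z` (or `D`) for end-of-input validation and treat `m` on a validation regex as a red flag.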
p. HTML editors are special form fields that allow Web site users to visually edit (WYSIWYG) rich text content formatted with HTML tags. HTML editors are powerful, but without proper security care, the sites that embed them can be abused.
p. Chris Shiflett and Laura Thompson both reported on their blogs that during the lightning talks at last night’s PHP Meetup, Andrew van der Stock (executive director of OWASP) announced the Spring of Code 2007. This ambitious effort will distribute $100,000 to worthy projects.
p. A colleague of mine who is dealing with Plone, a CMS built atop Zope, pointed me to a rather disturbing document in the Plone documentation system, one that I feel is indicative of a much larger problem in the web app dev community.
p. Ed Finkler pinged me this morning about a couple of news items relating to PHPSecInfo. Click on inside and I’ll give you the scoop.
p. Federico Biancuzzi has published an interesting article at securityfocus.com in which he interviews Stefan Esser. Click on inside and let’s talk about it.
p. Ed Finkler sent out an email yesterday to thousands of his closest friends, announcing the release of the latest version of PHPSecInfo. If you’re not on his “A” list, click on inside and I’ll share the email with you.
p. In a recent story on slashdot.org about Stefan Esser resigning from the PHP security team, comments were flying fast and furious. Among them was a comment that Zeev Suraski felt misquoted him. Come on inside and I’ll share what I know.