Category: PHP security

Is the term adware new to you? For the technically proficient people, such term may not be entirely new to them. But for those who are intrigued by the term, it is now high time that you brace yourself with …

As more and more people online are creating their first website they find that the idea of using PHP codes a little challenging. HTML is so much easier to understand but it can only do so much. PHP scripts can …

View full article here: Drag and drop category management with CakePHP and Jquery our visit our blog today at EndYourIf.com

Today’s article is going to walk you through creating a slick drag and drop with …

The media has helped make cross-site scripting (XSS) a familiar term,

and the attention is deserved. It is one of the most common security

vulnerabilities in web applications, and many popular open source PHP

applications suffer from constant XSS vulnerabilities.

XSS attacks have the …

Despite the similarities in name, cross-site request forgeries (CSRF) are an almost opposite style of attack. Whereas XSS attacks exploit the trust a user has in a web site, CSRF attacks exploit the trust a web site has in a …

If you are one of the guys that read the PHP CVS commits you usually know about the security bugs months before the rest of the community and this is no news for you. During the last 24h the following …

Brought to you from one of the comments in my blog.
Google for "Stefan Esser" and get a sponsored link for Zend.
http://www.google.com/search?q=%22Stefan+Esser%22

Popularity: unranked [?]

Read more at blog-admin@nopiracy.de (Stefan Esser)

PHP 5.2.3 was released with several security fixes.
Again not all security fixes are mentioned in the release announcement.
Again security bugs known to the developers were not correctly fixed.
More info here.
PS: Why does PHP.net always release security fixes just before the …

Because the PHP developers do not want to fix the PHP 4 Reference Counter Overflow Vulnerability that was disclosed during the Month of PHP Bugs the Hardened-PHP Project as usual had to step in to protect the users of PHP.
I …

I just released Suhosin 0.9.20 that adds a few new features and bugfixes. The most important addition is that a mutex is placed around the call to the system’s crypt() function to ensure thread safety. This mutex is necessary to …

When you read the OWASP risk evaluation standard carefully you might get as confused as I got. They estimate the risk by first estimating the likelihood and then estimating the technical and business impact. The estimation is done by assigning …

One of the worst things in PHP security is the fact that vulnerabilities in PHP are usually patched in the CVS and then wait for months until they are disclosed to the public. Time enough for everyone to grab the …