tag:security.phpmagazine.net,2008://40 2008-06-25T18:44:08Z tag:security.phpmagazine.net,2008://40.6317 2008-06-20T21:48:18Z 2008-06-25T18:44:08Z

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are...

Hatem http://www.phpmagazine.net HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are... tag:security.phpmagazine.net,2008://40.6276 2008-05-31T06:31:39Z 2008-05-31T06:40:14Z

To keep your database safe from SQL injection attacks, GreenSQL is a new Open Source database firewall that you might give a try. GreenSQL works as a reverse proxy and has built in support for MySQL. The logic is based...

Hatem http://www.phpmagazine.net To keep your database safe from SQL injection attacks, GreenSQL is a new Open Source database firewall that you might give a try. GreenSQL works as a reverse proxy and has built in support for MySQL. The logic is based... tag:security.phpmagazine.net,2008://40.6241 2008-04-19T07:19:36Z 2008-04-19T07:53:22Z

Last month we started hearing reports about an Iframe injection that infected thousands of websites and servers. The malware in question is a variant of Zlob and attempt to install itself in the client-side throught an ActiveX, as an unsigned...

Hatem http://www.phpmagazine.net Last month we started hearing reports about an Iframe injection that infected thousands of websites and servers. The malware in question is a variant of Zlob and attempt to install itself in the client-side throught an ActiveX, as an unsigned... tag:security.phpmagazine.net,2007://40.6102 2007-08-13T18:29:04Z 2007-08-13T18:52:31Z

When a server is not well configured and the system administrator didn't make his job correctly, there is no reason to blame PHP. It's not in defense of the PHP scripting language, but to be realistic and to give to...

Hatem http://www.phpmagazine.net When a server is not well configured and the system administrator didn't make his job correctly, there is no reason to blame PHP. It's not in defense of the PHP scripting language, but to be realistic and to give to... tag:security.phpmagazine.net,2007://40.6007 2007-06-20T09:15:18Z 2007-06-20T09:29:54Z

PHPIDS is a security PHP project which aims to provide a security application layer to protect any PHP web application. Using PHPIDS you will be able to see who is attacking your site and how, while keeping your project safe....

Hatem http://www.phpmagazine.net PHPIDS is a security PHP project which aims to provide a security application layer to protect any PHP web application. Using PHPIDS you will be able to see who is attacking your site and how, while keeping your project safe.... tag:security.phpmagazine.net,2007://40.5939 2007-05-16T14:57:00Z 2007-05-16T20:07:38Z

Ilia Alshanetsky posted his talks over the PHP|Tek 2007. The two tutorials took 6 hours of talking, waw ! And it's quite interesting. One of the tutorials is about Securing PHP Applications (PDF) and include a security roundup for PHP...

Hatem http://www.phpmagazine.net Ilia Alshanetsky posted his talks over the PHP|Tek 2007. The two tutorials took 6 hours of talking, waw ! And it's quite interesting. One of the tutorials is about Securing PHP Applications (PDF) and include a security roundup for PHP... tag:security.phpmagazine.net,2007://40.5802 2007-04-08T19:49:10Z 2007-04-08T19:53:59Z

PHP Security Consortium released PhpSecInfo 0.2.1 an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. The new release fixed some significant bugs, from the changelog : uid and gid tests...

Hatem http://www.phpmagazine.net PHP Security Consortium released PhpSecInfo 0.2.1 an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. The new release fixed some significant bugs, from the changelog : uid and gid tests... tag:security.phpmagazine.net,2007://40.5781 2007-04-03T10:39:51Z 2007-04-03T10:45:23Z

Armorize Technologies have an interesting on-demand PHP source code analysis service CodeSecure. The product developed specifically for PHP, represents a powerful tool for identifying and fixing vulnerabilities in custom developed PHP applications. CodeSecure utilizes the latest verification technology to analyze...

Hatem http://www.phpmagazine.net Armorize Technologies have an interesting on-demand PHP source code analysis service CodeSecure. The product developed specifically for PHP, represents a powerful tool for identifying and fixing vulnerabilities in custom developed PHP applications. CodeSecure utilizes the latest verification technology to analyze... tag:security.phpmagazine.net,2007://40.5681 2007-03-05T15:10:00Z 2007-03-05T16:27:16Z

Month of PHP Bugs already started, and there is until today 11 Bugs posted. The goal is to make PHP more secure and make people and developers aware of insecurities in the language. Day by day vulnerabilities vulnerabilities in the...

Hatem http://www.phpmagazine.net Month of PHP Bugs already started, and there is until today 11 Bugs posted. The goal is to make PHP more secure and make people and developers aware of insecurities in the language. Day by day vulnerabilities vulnerabilities in the... tag:security.phpmagazine.net,2007://40.5635 2007-02-22T16:00:24Z 2007-02-22T16:08:32Z

Slashdotted, As previously announced in an interview with Stefan Esser, March 2007 will be the month of PHP Bugs. A new initiative which goal is to make PHP more secure and discuss with more transparency the security issues related to...

Hatem http://www.phpmagazine.net Slashdotted, As previously announced in an interview with Stefan Esser, March 2007 will be the month of PHP Bugs. A new initiative which goal is to make PHP more secure and discuss with more transparency the security issues related to... tag:security.phpmagazine.net,2007://40.5574 2007-02-10T06:31:39Z 2007-02-10T06:47:33Z

Apocalypse Now Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere ready to be sold to the highest bidder. To make matters worse,...

Hatem http://www.phpmagazine.net Apocalypse Now Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere ready to be sold to the highest bidder. To make matters worse,... tag:security.phpmagazine.net,2007://40.5567 2007-02-08T14:35:45Z 2007-02-08T14:38:34Z

SecurityFocus posted an interview with Stefan Esser, the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). In the interview Federico Biancuzzi discussed with him how the PHP Security Response Team works, why...

Hatem http://www.phpmagazine.net SecurityFocus posted an interview with Stefan Esser, the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). In the interview Federico Biancuzzi discussed with him how the PHP Security Response Team works, why... tag:security.phpmagazine.net,2007://40.5442 2007-01-01T14:17:30Z 2007-01-01T11:22:16Z

A serious Gmail security bug have been reported where anyone can access your contact list just visiting a malicious page. The Javascript have been made public probably for usage with Google Docs since the url is linked from there, but...

Hatem http://www.phpmagazine.net A serious Gmail security bug have been reported where anyone can access your contact list just visiting a malicious page. The Javascript have been made public probably for usage with Google Docs since the url is linked from there, but... tag:security.phpmagazine.net,2006://40.5350 2006-12-14T12:17:49Z 2006-12-14T09:21:25Z

Stefan have announced officially on his blog that he's finally retired from the PHP Security Response Team. The reasons are many, but according to Stefan the most important reason was that he realised that any attempt to improve the security...

Hatem http://www.phpmagazine.net Stefan have announced officially on his blog that he's finally retired from the PHP Security Response Team. The reasons are many, but according to Stefan the most important reason was that he realised that any attempt to improve the security... tag:security.phpmagazine.net,2006://40.5256 2006-11-23T20:30:00Z 2006-11-23T17:35:10Z

Slashdotted today an experience to anonymizing RFI Attacks Through Google. An interesting approach that search engines should be aware, and if it could be done using Google crawler, it could be done also using any other spider : Noam Rathaus...

Hatem http://www.phpmagazine.net Slashdotted today an experience to anonymizing RFI Attacks Through Google. An interesting approach that search engines should be aware, and if it could be done using Google crawler, it could be done also using any other spider : Noam Rathaus...