Web Security Magazine

Inspekt, Input Filtering And Validation Library For PHP5

Thu, 25 Jun 2009 20:14:24 +0000

Inspekt is a PHP library that makes it easier to write secure web applications, and released under New BSD License. Inspekt acts as a sort of 'firewall' API between user input and the rest of the application. It takes PHP...

Be Aware, Conficker is Dangerous Worm Not A Funny April Fool

Mon, 30 Mar 2009 19:18:41 +0000

This April 1st will be not funny at all for security experts. We are at D-1 and until today nobody knows what this worm so called Conficker C can really do ! It can damage your computer, your data, steal...

HTML Purifier, Standards-Compliant HTML Filtering

Fri, 20 Jun 2008 21:48:18 +0000

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are...

GreenSQL, Open Source Database Firewall Solution

Sat, 31 May 2008 06:31:39 +0000

To keep your database safe from SQL injection attacks, GreenSQL is a new Open Source database firewall that you might give a try. GreenSQL works as a reverse proxy and has built in support for MySQL. The logic is based...

Mass Iframe Attack Continue Infecting Sites

Sat, 19 Apr 2008 07:19:36 +0000

Last month we started hearing reports about an Iframe injection that infected thousands of websites and servers. The malware in question is a variant of Zlob and attempt to install itself in the client-side throught an ActiveX, as an unsigned...

Facebook code revealed : Mod_PHP Leakage is not PHP fault

Mon, 13 Aug 2007 18:29:04 +0000

When a server is not well configured and the system administrator didn't make his job correctly, there is no reason to blame PHP. It's not in defense of the PHP scripting language, but to be realistic and to give to...

PHPIDS, PHP-Intrusion Detection System

Wed, 20 Jun 2007 09:15:18 +0000

PHPIDS is a security PHP project which aims to provide a security application layer to protect any PHP web application. Using PHPIDS you will be able to see who is attacking your site and how, while keeping your project safe....

Securing PHP Applications

Wed, 16 May 2007 14:57:00 +0000

Ilia Alshanetsky posted his talks over the PHP|Tek 2007. The two tutorials took 6 hours of talking, waw ! And it's quite interesting. One of the tutorials is about Securing PHP Applications (PDF) and include a security roundup for PHP...

PhpSecInfo 0.2.1 Released

Sun, 08 Apr 2007 19:49:10 +0000

PHP Security Consortium released PhpSecInfo 0.2.1 an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. The new release fixed some significant bugs, from the changelog : uid and gid tests...

Armorize CodeSecure, On-Demand PHP Source Code Analysis

Tue, 03 Apr 2007 10:39:51 +0000

Armorize Technologies have an interesting on-demand PHP source code analysis service CodeSecure. The product developed specifically for PHP, represents a powerful tool for identifying and fixing vulnerabilities in custom developed PHP applications. CodeSecure utilizes the latest verification technology to analyze...

Will PHP Be More Secure On March 2007 ?

Mon, 05 Mar 2007 15:10:00 +0000

Month of PHP Bugs already started, and there is until today 11 Bugs posted. The goal is to make PHP more secure and make people and developers aware of insecurities in the language. Day by day vulnerabilities vulnerabilities in the...

March 2007, The Month of PHP Bugs

Thu, 22 Feb 2007 16:00:24 +0000

Slashdotted, As previously announced in an interview with Stefan Esser, March 2007 will be the month of PHP Bugs. A new initiative which goal is to make PHP more secure and discuss with more transparency the security issues related to...

Is your website hackable? Why you need to worry

Sat, 10 Feb 2007 06:31:39 +0000

Apocalypse Now Just because you think your data is safe does not mean your database of sensitive organization information has not already been cloned and is resident elsewhere ready to be sold to the highest bidder. To make matters worse,...

SecurityFocus Interview PHP Security Expert Stefan Esser

Thu, 08 Feb 2007 14:35:45 +0000

SecurityFocus posted an interview with Stefan Esser, the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). In the interview Federico Biancuzzi discussed with him how the PHP Security Response Team works, why...

Serious Gmail Vulnerability discovered

Mon, 01 Jan 2007 14:17:30 +0000

A serious Gmail security bug have been reported where anyone can access your contact list just visiting a malicious page. The Javascript have been made public probably for usage with Google Docs since the url is linked from there, but...