
PHP Security Consortium:
New Product Launch - PHPSecInfo
Oct 20, 2006 @ 15:30:08

Chris Shiflett has announced (via the phpsec.org mailing list) a new project to help make PHP installations safer in a simple, easy-to-use package - PHPSecInfo.

Ed Finkler of the PHP Security Consortium has launched a new project to help developers and system administrators audit PHP environments. PHPSecInfo provides a simple-to-use security audit system for the PHP environment, with a look and feel similar to that of the phpinfo() function.

PHPSecInfo currently has a suite of 16 tests. Interested PHP developers are encouraged to propose and write new tests for consideration as well as help refine the existing test suite. You can find contact information for Ed Finkler and any member of the PHP Security Consortium online at http://phpsec.org/contact/.

The development of the project is being partially sponsored by CERIAS at Purdue University. There's an example of the output from the script and a download dated for the beginning of August. Contributions are welcome and accepted, especially in certain areas like documentation, test writing, suggestions, and feedback.

tagged: phpsecinfo product launch security consortium

PHP Security Consortium:
SecurityFocus Newsletters Posted (#328, #327, #320, #319)
Dec 23, 2005 @ 13:50:55

The PHP Security Consortium has published more SecurityFocus Newsletters today:

  • #320 - issues with phpMyAdmin, PHPWebSite, Complete PHP Counter, and Zeroblog
  • #319 - issues with PHP-Fusion, MyBloggie, OSCommerce, and Utopia News
  • #327 - issues with Drupal, PHPGreetz, PHPWordPress, NiceCoder iDesk, WebCalendar, and PHPAlbum (large list)
  • #328 - issues with phpMyAdmin, Web4Future, PHPForumPro, Cars Portal Index, and MyBB

As always, the items mentioned above are only a small taste of the contents of the newsletters, so be sure to check them out in full to see if one of your applications is listed...

tagged: security consortium securityfocus newsletter

PHP Security Consortium:
Five SecurityFocus Summaries Posted
Nov 21, 2005 @ 12:31:56

The PHP Security Consortium has posted several SecurityFocus summaries today - #324, #323, #322, #317, #316.

  • Applications in #324 include: Invision Power Board, PHPList, YaBB, TikiWiki, phpAdsNew, and PHPWebThings.
  • Applications in #323 include: PHP errors with parse_str and phpinfo, Invision Gallery, PHPCafe, EyeOS, Simple PHP Blog, PHP Handicappe, and vBulletin.
  • Applications in #322 include: phpMyAdmin, PHPNuke, Platinum DBoardGear, PHP-Fusion, XOOPS, MyBulletinBoard, Mantis, and PHP Advanced Transfer Manager.
  • Applications in #317 include: CutePHP, VBulletin, PunBB, PHPMyFAQ, Simplog, and Land Down Under.
  • Applications in #316 include: PunBB, PHP-Nuke, PHPTagCool, ATutor, CutePHP, and AEwebworks.

If you are using any of the above applications, it's suggested that you update immediately. Also, this is by no means a complete listing of the applications covered in these summaries. Be sure to check out the listing on each to see if your application is affected...

tagged: security consortium securityfocus summary
