
Check Point Blog:
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part I
Aug 06, 2015 @ 11:44:14

The Check Point blog has posted the first part of a series from one of their vulnerability researchers about finding security vulnerabilities in the core WordPress code (and some of the results along with CVE numbers).

In this series of blog posts, Check Point vulnerability researcher Netanel Rubin tells a story in three acts – describing his long path of discovered flaws and vulnerabilities in core WordPress, leading him from a read-only ‘Subscriber’ user, through creating, editing and deleting posts, and all the way to performing SQL injection and persistent XSS attacks on 20% of the popular web.

In this first part he focuses on the concept of "identity" in a WordPress application. He examines the "roles and capabilities" functionality to find bypass methods in operations like editing and adding new posts. As he works through his process, he includes code from the WordPress core showing where the issues lie and what would be needed to exploit them.

tagged: bug hunt wordpress vulnerability core code part1 series checkpoint

Link: http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/

Zend Developer Zone:
Announcing the August 2011 Zend Framework Bug-Hunt
Aug 24, 2011 @ 12:55:39

On the Zend Developer Zone today they've announced this month's Zend Framework Bug Hunt starting tomorrow (the 25th) and running through Saturday (the 27th):

For those who haven't put the recurring event in their calendar, the Zend Framework Monthly Bug-hunt is here again! This Thursday, Friday and Saturday (the 25th, 26th and 27th of August), we'll be hosting our monthly bug hunt. For those of you unfamiliar with the event, each month, we organize the community to help reduce the number of open issues reported against the framework

Ralph reminds everyone of the change in tracking methods in their Jira setup and how to find some issues to tackle when you start your debugging. You can also just visit this page to get the full list of unresolved issues. Additional instructions are included in the post on "getting started" resources, how your fixes help the framework and a guide you can follow to get the ball rolling.

tagged: bug hunt zendframework august framework


Michelangelo van Dam's Blog:
Job Hunting 101
Dec 22, 2010 @ 11:15:02

Those developers out there currently looking for a job (you shouldn't have to look too far) might want to read Michelangelo van Dam's take on job hunting 101, based on his experiences with recruiters contacting him.

In this day and age, everyone uses the internet for finding new jobs or to find a new employee, but more and more I sense that it's all turning into one big mess. This blog post is devoted to all those people contacting me because they have the best job position. [...] I know it's a tough market out there, lots of competition and so many technologies and skills to keep track of. I know, but it is [you, the recruiter's] business! You decided to dive right into the job chaos, so don't cry if you have to do a bit of work. Do you think we just turn on the computer and it writes code itself? You do your job, I do mine.

He points out a few specific times a recruiter has sent emails about a "direct hire position" that needs filling immediately or a Java developer (when, clearly, Michelangelo is a PHP developer). He also points out to recruiters that, despite what they may think, they're almost never the only one getting in contact about the same job.

If you're out looking for a new PHP job, go check out the community itself. Most of us have a list of companies with PHP job vacancies or we have a shortlist of trustworthy, understanding recruiters that have touched base with the PHP community and won't let you down once you sign up.

tagged: experience career hunt opinion recruiter


Padraic Brady's Blog:
A Guide To Zend Framework Bug Hunt Days
Nov 16, 2009 @ 10:09:14

If you haven't gotten a chance to participate in one of the Zend Framework Bug Hunt Days, you can get up and running pretty easily with this guide from Padraic Brady that introduces you to the concept and includes a few helpful hints to keep in mind when you participate.

Every month, the Zend Framework now holds a Bug Hunt, a period of about two days (usually a Thursday and Friday after the middle of the month) when everyone in the community is invited to assist in resolving (or reporting) issues to the Zend Framework Issue Tracker. The next event will occur this week on Thursday 19th and Friday 20th November - so there's no time like the present to get yourself familiar with the process.

He looks at why the developers chose to go with a bug hunt (to help make the framework better for everyone, the work needs to be done on a larger scale) and why you should take part in an event. He shares some tips on getting started - visiting the IRC channel, using the issue tracker, asking questions and a few others. Be sure to check out the last part of the post for his helpful tips on where to go from here.

tagged: zendframework bug hunt guide


Community News:
Zend Framework Monthly Bug Hunts
Sep 17, 2009 @ 09:10:20

Padraic Brady has pointed out the announcement starting a Zend Framework event - the monthly Bug Hunt (two days of effort to reduce the number of bugs in the popular framework).

As Matthew announced during the week on the mailing lists, Zend are sponsoring a two-day Bug Hunt every month starting today. And there will be prizes for those who solve lots of issues!

Matthew Weier O'Phinney made the announcement to the main Zend Framework mailing list about the twice-monthly event bringing together ZF staffers with those wanting to help make the Framework better. Prizes include t-shirts and Zend Studio licenses. For complete information on how you can get involved and where to start, check out the full message from Matthew.

tagged: zendframework bug hunt fix


Johannes Schluter's Blog:
Easter - Don't just look for eggs but also for bugs
Mar 21, 2008 @ 11:29:41

Johannes Schluter recommends that, this Easter, you not only enjoy the holiday and hunt some eggs but also do a little bug hunting at the same time:

Around Easter there are different holidays, in Germany for instance Friday and Monday are holidays. This gives you some time without annoying customers and colleagues asking you to do stuff. So what could you PHP geeks do when getting bored? - A good idea is to test PHP development snapshots.

The PHP group has put out the second release candidate for PHP 5.2.6 and is looking for a few good testers to help them find whatever issues may lie deep in its code. According to Johannes, though, not much should be broken this time. It's PHP 5.3 everyone should really watch out for...

So grab a snapshot and get testing!

tagged: egg hunt bug snapshot php5 easter releasecandidate
