
php|architect:
ProPHP Podcast - Interview with Ed Finkler
April 26, 2007 @ 14:08:00

In a new installment of the Pro::PHP Podcast just released, Paul Reinheimer sits down and talks with Ed Finkler, "web and security archive administrator".

Ed Finkler is also a primary developer on the PHPSecInfo project, an effort to help bring a baseline of security to developers and their applications:

PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

Check out some of Ed's own comments about the interview in this new blog entry.



Ed Finkler's Blog:
Slides from PHPSecInfo Presentation
March 22, 2007 @ 11:22:00

Ed Finkler has posted a note about the slides that he presented as a part of the 8th Annual CERIAS Information Security Symposium.

The presentation [pdf] looks at the state of PHP development, the parties involved (including the "deployer") and the use of the PHPSecInfo application to help said "deployer" find issues they might miss otherwise. Of course, there's also a section on getting PHPSecInfo up and working on your system (you can unzip, right?) and other add-ons you can use to help avoid questions down the line (like the use of the Zend_Environment security module in the Zend Framework to test security).

Check out the PDF here and keep an eye on his blog for an upcoming video of the presentation.

UPDATE: He's also posted the audio for the presentation - grab the mp3.



Zend Developer Zone:
PHP Security Tip #13
March 20, 2007 @ 12:17:00

In the latest security tip from the Zend Developer Zone, Cal Evans points out a tool previously mentioned in passing that he feels deserves its own post - PHPSecInfo.

PHPSecInfo is a great tool to use to keep an eye on your production environment. It was written by Ed Finkler of CERIAS, the Center for Education and Research in Information Assurance and Security at Purdue University. It is officially a project of the PHP Security Consortium.

The tool allows you to easily run a security audit against your system and find the issues in a familiar phpinfo() style of result. Remember, it's a starting place - not an ending one. Security is more than just running a script to check once in a while.



Ed Finkler's Blog:
PHPSecInfo v0.2 now Available
March 05, 2007 @ 13:39:00

The latest version of the popular (and simple) PHP security audit tool, PHPSecInfo, has been released - version 0.2.

The major changes in this version [zip] include:

  • "More info" links to give you details on the specified issue
  • CSS/layout changes to make understanding the results simpler
  • a new test - PhpSecInfo_Test_Session_Save_Path
  • and more...

Check out the Changelog for complete information on the update or just head over and download it now.



Zend Developer Zone:
PHPSecInfo New release (0.1.2), new plans
December 27, 2006 @ 11:37:00

In a new article on the Zend Developer Zone, Ed Finkler talks a bit about the newly released version of the PHPSecInfo package (version 0.1.2) and what some of the future plans for it are.

New release, new plans! First off, a new build of PHPSecInfo is out. Version 0.1.2, build 20061218. Per usual, get your new version from http://phpsec.org/projects/phpsecinfo/.

New features include:

  • Code is now licensed under 'New BSD' license. See LICENSE
  • fix bug in post_max_size check where upload_max_size value was being checked
  • Now providing an md5 hash for releases

And some of the plans for the future include more detailed test results, a web-based "glossary" of howtos on fixing problems, and more tests for more cases.

If you'd like to contribute tests or other resources to the project, head over to its homepage and let them know.



Zend Developer Zone:
Ed Finkler Talks About PHPSecInfo
October 23, 2006 @ 09:37:00

Cal Evans over on the Zend Developer Zone has another of his infamous (well, okay - not infamous, but definitely good) interviews with people all around the PHP community. This time, it's a chat with Ed Finkler, a developer over at CERIAS, about the new security tool designed to help even the security-clueless protect themselves and their systems.

Intrigued as much by this project, as I was by the fact that Ed wrote me and told me it was time for me to interview him, I called Ed and we talked about the project.

They talk about where the idea for the tool came from, one of the project's target audiences (those on shared hosting), and its modular design. They are also more than happy to have developers work up tests to be sure things are working 100% correctly.



PHP Security Consortium:
New Product Launch - PHPSecInfo
October 20, 2006 @ 10:30:08

Chris Shiflett has announced (via the phpsec.org mailing list) a new project to help make PHP installations safer in a simple, easy-to-use package - PHPSecInfo.

Ed Finkler of the PHP Security Consortium has launched a new project to help developers and system administrators audit PHP environments. PHPSecInfo provides a simple-to-use security audit system for the PHP environment, with a look and feel similar to that of the phpinfo() function.

PHPSecInfo currently has a suite of 16 tests. Interested PHP developers are encouraged to propose and write new tests for consideration as well as help refine the existing test suite. You can find contact information for Ed Finkler and any member of the PHP Security Consortium online at http://phpsec.org/contact/.

The development of the project is being partially sponsored by CERIAS at Purdue University. There's an example of the output from the script and a download dated for the beginning of August. Contributions are welcome and accepted, especially in certain areas like documentation, test writing, suggestions, and feedback.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework