Zend Developer Zone:
Security Tip #21 (Subscribe to BugTraq)
Apr 03, 2007 @ 11:20:00

The latest Security Tip has been posted on the Zend Developer Zone about the importance of the SecurityFocus newsletter.

Today’s PHP security tip is short, sweet and easily actionable. It fits in well with the theme of the last one, to stay vigilant. Here’s another resource for you to consider: If you are not already subscribed, you should subscribe to the Security Focus newsletter.

He links to their signup page and points out the most useful of their offerings - the BugTraq list.

BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.
tagged: securitytip subscribe mailinglist bugtraq securityfocus

SecurityFocus.com:
PHP Security From The Inside (Interview with Stefan Esser)
Feb 07, 2007 @ 11:36:00

Over on the SecurityFocus website, there's an interview posted with Stefan Esser of the Hardened-PHP Project (as interviewed by Federico Biancuzzi).

Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.

Some of the topics discussed include:

  • the Hardened-PHP Project
  • Suhosin
  • the PHP Security Response Team (his role in it and why he left)
  • PHP5's security focus versus PHP4's
  • and more...
Check out the full interview to have all of your questions answered.

tagged: stefanesser interview securityfocus security bug hardenedphp suhosin

PHP Security Consortium:
SecurityFocus Newsletter #345
Apr 17, 2006 @ 07:05:21

The PHP Security Consortium (http://www.phpsec.org) has posted their latest SecurityFocus summary on their site today for April 11th, 2006.

Software mentioned in this edition includes:

  • PHPWebGallery
  • JetPhoto
  • PHPList
  • ShopWeezle
  • XBrite
  • PHPKIT

There are several more mentioned besides those above, so be sure to check out the full report to see if any scripts you use are affected.

tagged: securityfocus newsletter 345

PHP Security Consortium:
New SecurityFocus Summaries Posted (#333, #334, #340, #341)
Mar 27, 2006 @ 08:41:27

The PHP Security Consortium has posted four new SecurityFocus Summaries today.

  • Issue #341 - including issues for WordPress, DSCounter/DSNewsletter/DSPoll PollID, and MyBB
  • Issue #342 - including issues for PHPMyAdmin, SoftBB, CutePHP, and PHPWebSite
  • Issue #334 - including issues for Noah's Classifieds, VBulletin, and PEHEPE Membership Management System
  • Issue #340 - including issues for Navboard, PHPChamber, MyPhPim, and PHPNuke

As always, the latest issues are available from the Consortium's website under the Projects > SecurityFocus Summaries portion of the site. Check out the latest so you and your applications are protected.

tagged: securityfocus summaries posted
