[nycphp-talk] php vulns from SecurityFocus Newsletter # 211
hans at nyphp.org
Tue Aug 26 08:24:02 EDT 2003
> id like to see some demos of some security vulnerabilities that are
> constantly listed in security focus alerts @ some of the meetings ... for
> one @ the beginning of getting into php id dive into code that was part of
> some of these apps to notice how certain things were accomplished and then
> for the apps to be listed like this makes me a little nervous ... either
> that or a good white paper on secure php coding practices would help ...
That's a great idea Jon. We could even start today! (ok by Sept. for sure :)
> i mean can this be taken as a joke:
> PHPSecureSite SQL Injection Vulnerabilities
Unfortunately, I've found a lot of securityfocus's postings to be a little far fetched (like the vulnerability I pointed out the other week).
> (keep in mind this has already been fixed in the product) but the patch for
> the problem was not easily located to see what was done. anyone have a link
> for these issues?
Maybe we should startup a "security corner" to complement the "newbie corner" at our meetings. Akin to newbie topics, people could bring in security related patches, news and general topics.
More information about the talk