[nycphp-talk] php vulns from SecurityFocus Newsletter # 211

Hans Zaunere hans at
Tue Aug 26 08:24:02 EDT 2003

> I'd like to see some demos of some security vulnerabilities that are
> constantly listed in security focus alerts @ some of the meetings ... for
> one @ the beginning of getting into php I'd dive into code that was part of
> some of these apps to notice how certain things were accomplished and then
> for the apps to be listed like this makes me a little nervous ... either
> that or a good white paper on secure php coding practices would help ...

That's a great idea, Jon.  We could even start today! (ok by Sept. for sure :)

> I mean can this be taken as a joke:
> PHPSecureSite SQL Injection Vulnerabilities

Unfortunately, I've found a lot of SecurityFocus's postings to be a little far-fetched (like the vulnerability I pointed out the other week).

> (keep in mind this has already been fixed in the product) but the patch for
> the problem was not easily located to see what was done.  anyone have a link
> for these issues?

Maybe we should start up a "security corner" to complement the "newbie corner" at our meetings.  Akin to newbie topics, people could bring in security-related patches, news and general topics.

