[nycphp-talk] latest vulnerabilities...
Jon Baer
jonbaer at jonbaer.net
Tue Jun 10 12:30:12 EDT 2003
> This is a great idea. How could this get started? A blog? Forum? New
> software?
>
I was in the middle of setting up nycsnort.org for Snort/ACID related user
group but seems that alot of people that emailed me were more in tune with
doing an "open source security" related group that was more keen to things
like pen-testing web apps and other network va stuff. In fact I was a
little suprised by how little people did know in regards to SQL injection
capabilities + XSS.
A good forum is located at http://www.owasp.org/ where you could probably
apply PHP to the Top10 and it would make for a good demo, I find people are
quick to apply patches and then don't study or go over what was actually
done. Then again I always wished this list was kept up to date:
http://www.phpadvisory.com/advisories/index.phtml
Anyone know what happened to it?
- Jon
More information about the talk
mailing list