[nycphp-talk] analysis of php attacks
Ben Sgro
ben at projectskyline.com
Thu Oct 20 16:15:44 EDT 2011
Hello Dan,
> but it'd be good to know which holes are currently being exploited.
Well of course it would be, but I think we can safely assume it's unpatched known exploits
in common popular software platforms (wordpress, drupal modules, etc) or 0days against the same.
We'll see soon enough.
For those of you who are not familiar with OWASP, take a minute to review. There is a ton of great
security related information and methodologies there.
- Ben
On Oct 20, 2011, at 3:48 PM, Daniel Convissor wrote:
> Hi:
>
> http://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts/
>
> Alas, it only looks at the results of the attack, not how the attacks
> are getting through in the first place. Of course, this is how:
> https://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Execution
> but it'd be good to know which holes are currently being exploited.
>
> --Dan
>
> --
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
More information about the talk
mailing list