NYCPHP Meetup

NYPHP.org

[nycphp-talk] php vulns from SecurityFocus Newsletter # 211

Hans Zaunere hans at nyphp.org
Tue Aug 26 08:24:02 EDT 2003


> id like to see some demos of some security vulnerabilities that are
> constantly listed in security focus alerts @ some of the meetings ... for
> one @ the beginning of getting into php id dive into code that was part of
> some of these apps to notice how certain things were accomplished and then
> for the apps to be listed like this makes me a little nervous ... either
> that or a good white paper on secure php coding practices would help ...

That's a great idea Jon.  We could even start today! (ok by Sept. for sure :)

> i mean can this be taken as a joke:
> PHPSecureSite SQL Injection Vulnerabilities
> http://www.securityfocus.com/bid/8427

Unfortunately, I've found a lot of securityfocus's postings to be a little far fetched (like the vulnerability I pointed out the other week).

> (keep in mind this has already been fixed in the product) but the patch for
> the problem was not easily located to see what was done.  anyone have a link
> for these issues?

Maybe we should startup a "security corner" to complement the "newbie corner" at our meetings.  Akin to newbie topics, people could bring in security related patches, news and general topics.

H




More information about the talk mailing list