NYCPHP Meetup

NYPHP.org

[nycphp-talk] analysis of php attacks

Ben Sgro ben at projectskyline.com
Thu Oct 20 16:15:44 EDT 2011


Hello Dan, 

> but it'd be good to know which holes are currently being exploited.

Well of course it would be, but I think we can safely assume it's unpatched known exploits
in common popular software platforms (wordpress, drupal modules, etc) or 0days against the same.

We'll see soon enough.

For those of you who are not familiar with OWASP, take a minute to review. There is a ton of great
security related information and methodologies there. 

- Ben

On Oct 20, 2011, at 3:48 PM, Daniel Convissor wrote:

> Hi:
> 
> http://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts/
> 
> Alas, it only looks at the results of the attack, not how the attacks
> are getting through in the first place.  Of course, this is how:
> https://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Execution
> but it'd be good to know which holes are currently being exploited.
> 
> --Dan
> 
> -- 
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>            data intensive web and database programming
>                http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
> 
> http://www.nyphp.org/Show-Participation




More information about the talk mailing list