[nycphp-talk] analysis of php attacks
Matthew Kaufman
mkfmncom at gmail.com
Thu Oct 20 16:16:48 EDT 2011
Encoding, Javascript, Even over HTTP Headers.
LOL I love this post because Quite a bit of ways and way too many to
list; Daniel I really appreciate this post and your consulting company
looks really great.
On Thu, Oct 20, 2011 at 4:15 PM, Ben Sgro <ben at projectskyline.com> wrote:
> Hello Dan,
>
>> but it'd be good to know which holes are currently being exploited.
>
> Well of course it would be, but I think we can safely assume it's unpatched known exploits
> in common popular software platforms (wordpress, drupal modules, etc) or 0days against the same.
>
> We'll see soon enough.
>
> For those of you who are not familiar with OWASP, take a minute to review. There is a ton of great
> security related information and methodologies there.
>
> - Ben
>
> On Oct 20, 2011, at 3:48 PM, Daniel Convissor wrote:
>
>> Hi:
>>
>> http://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts/
>>
>> Alas, it only looks at the results of the attack, not how the attacks
>> are getting through in the first place. Of course, this is how:
>> https://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Execution
>> but it'd be good to know which holes are currently being exploited.
>>
>> --Dan
>>
>> --
>> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
>> data intensive web and database programming
>> http://www.AnalysisAndSolutions.com/
>> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
>> _______________________________________________
>> New York PHP Users Group Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> http://www.nyphp.org/Show-Participation
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation
>
More information about the talk
mailing list