Entries tagged as php-sicherheit
Monday, April 2. 2012
To complete the trinity of infamy: There is no Suhosin for PHP 5.4.0 either.
The patch is no longer bundled with distribution PHP. I have sent a mail to i0n1c about this, but he seems to be in transit currently. The extension (0.9.33) does not compile with PHP 5.4.0 because of the extensive API changes.
Update: There is now a new version of Suhosin that is compatible with PHP 5.4.0 and 5.4.1. You can download it from Stefan Esser’s Github account (.tar.gz .zip). It compiles and runs well with PHP 5.4.0-3 (Debian Wheezy).
PHP 5.4.0-3 (cli) (built: Mar 21 2012 20:33:26)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
    with Suhosin v0.9.34-dev, Copyright (c) 2007-2012, by SektionEins GmbH
Thanks to andro for pointing this out. There is an installation howto over on php-security.net.
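Since a Suhosin build that silently fails to load leaves PHP without any of its protections, the one check worth scripting after the upgrade is whether the running interpreter actually reports the extension. The snippet below is an added example, not code from the post or from the Suhosin project; it parses the `php -v` banner (the sample text is constructed from the banner quoted above) and wraps it in a helper a deploy script can call against the real binary.

```shell
#!/bin/sh
# Added example: verify that Suhosin is loaded after a PHP upgrade.
# Not part of the original post; the helper names are my own.

# Constructed sample of `php -v` output, based on the banner quoted in
# the post (PHP 5.4.0-3 on Debian Wheezy with Suhosin 0.9.34-dev).
SAMPLE_PHP_V='PHP 5.4.0-3 (cli) (built: Mar 21 2012 20:33:26)
Copyright (c) 1997-2012 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
    with Suhosin v0.9.34-dev, Copyright (c) 2007-2012, by SektionEins GmbH'

# suhosin_version: read `php -v` text on stdin and print the Suhosin
# version (e.g. "0.9.34-dev"), exiting 0. If the banner carries no
# "with Suhosin" line, print nothing and exit 1, so callers can fail.
suhosin_version() {
    sed -n 's/.*with Suhosin v\([^,]*\),.*/\1/p' | head -n 1 | grep .
}

# require_suhosin: run the real interpreter (path in $PHP, default "php")
# and abort with a message when the extension is missing. Meant for a
# post-install step; it is not called automatically below.
require_suhosin() {
    php_bin="${PHP:-php}"
    if ver=$("$php_bin" -v 2>/dev/null | suhosin_version); then
        echo "Suhosin $ver loaded in $php_bin"
    else
        echo "ERROR: $php_bin runs without Suhosin; check extension=suhosin.so" >&2
        return 1
    fi
}

# Demonstration on the constructed sample: prints "0.9.34-dev".
printf '%s\n' "$SAMPLE_PHP_V" | suhosin_version
```

`php -v` only reflects the CLI SAPI; for the web server, run the same check through the SAPI that serves requests (for example a `phpinfo()` page or `php-cgi -v`), since each SAPI reads its own ini files.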
Thursday, September 11. 2008
It is not usually my custom to comment negatively or nitpick on other people's articles in magazines, especially not in magazines I have written for. This time, however, I really must raise my voice to point out a couple of (well, actually a lot of) issues in an article about SQL injection in the current (October/November) issue of the German "PHP Magazin". I stumbled upon this when Pelle Boese of Mobile SEO fame told me about it.
As a couple of you should still remember, I wrote for that magazine until about one and a half years ago. I stopped writing for a couple of reasons. First and foremost, my shift towards Grid computing, my master's thesis and work took too much time. However, the, let's say, lean editorial process always kinda weirded me out. Mostly, manuscripts were printed as written, with no editorial changes at all. This is very trusting, but sometimes leads to fuck-ups like the one below.
Continue reading "Warning about the article "SQL Injection" in current "PHP Magazin""
Tuesday, July 1. 2008
A mail from Google just arrived:
Thank you for participating in the AdSense
referral program. In the last week of August we will
discontinue the AdSense referral program. After that, no
ads with the AdSense referral code will be displayed anymore.
For a while I had referrals on a couple of sites (including here and there), but the conversion rate was abysmal. That seems to have dawned on the Gugelhupf as well, and the whole program is being discontinued.
Without wanting to do any big root-cause analysis (others who deal with the subject more closely can surely do that better): on a first look it struck me that the number of really decent advertising partners (those who did not, say, translate their English recommendations with a pocket dictionary) was limited, that targeting genuinely German offerings was hard (English-language online games payable only by credit card, for example, do not convert at all) and that the whole recommendations program made a rather unfinished impression. But that is just my subjective opinion.
Monday, March 12. 2007
With the last entry in this blog being over 2 months old, I guess it’s time for a quick update. Actually, not much has changed. I am in the middle of my master’s thesis, lagging behind schedule as usual, and in parallel trying to get past my last exams for university. Doing both in parallel is not as much fun as you might think, especially with some other stuff looming behind. I have successfully deployed a couple of customers in the last weeks, most notably the folks at SwooDoo. Their PHP-MySQL-AJAX-driven flight search engine is definitely one of those useful sites that I’m proud to host.
The second edition of our book, PHP-Sicherheit, is now under wraps, expanded by about 50 pages. I have written up a chapter on ext/filter (with a mixed recommendation) and expanded the web server filtering chapter with mod_parmguard. Other than that, Stefan has completely rewritten the chapter on “Hardening PHP” and we have changed a whole lot of stuff that was either outdated or included some tiny little errors. I wouldn’t go as far as to say you need to buy this book if you don’t have the first edition, but if you don’t have it at all, wait until late March to grab your copy.
Next weekend, I’ll be presenting some funny XSS stuff at the Heise booth at CeBIT (Hall 5, Booth E38). If someone wants to meet me at the fair, please drop me a line ASAP. Apart from that, the next time I’ll be visible in the PHP community is the PHP Conference Spring Edition taking place in Stuttgart May 21 - 23. I’ll be presenting XSS stuff in the Webinale part of the conference. Due to time constraints, I won’t be present for more than 2 days, though, so probably I’ll leave straight after my session. Why is that? My thesis is due on the 31st, so go figure.
Thursday, November 9. 2006
I already blogged this at our PHP Security Blog, but it is not (yet? hey Toby) aggregated on planet-php, so here goes again.
You can now download my session slides for the full-day workshop on PHP security. Unfortunately for my international readers, they are in German. If that doesn’t scare you (because you got taught lots of useful German phrases in the last days, right, Caitlin?), you can get them here: PHP Sicherheit Workshop.
If you need a little explanation on the PHP Security Quiz by Mayflower, just read the extended entry.
Continue reading "PHP Conference 2006 - Session Slides and Quiz answers"
Monday, February 6. 2006
For everyone who’s been waiting for it: Peter’s and my book, “PHP-Sicherheit” (in German only), is finally available. You can order the book, of which we’re very proud, via amazon.de or directly from the publisher. For the inevitable errata and updates there is a dedicated web site: PHP-Sicherheit.de.
Wednesday, November 9. 2005
That’s it: I’m home again, after almost four extremely rewarding and interesting days at the International PHP Conference in Frankfurt. The conference offered a chance to get together with all the cool guys from the international community, mix and mingle, drink lots of beer (my bar invoice was around 80 bucks) and of course hack at PHP. Since we had our own booth for the Hardened-PHP Project, we had the opportunity to pitch our little thingy to a wider base of interested developers and administrators, and the discussions at the booth sparked some new ideas for the Hardening Patch. We were also able to show off two advance copies of my (and my coauthor Peter Prochaska’s) first book, “PHP-Sicherheit”. It is the first German book dedicated to the security of our favorite scripting language, and after having it under public scrutiny for three days, I’m now confident it’s gonna be a success. Thanks to everyone for their feedback! To everyone who’s been in one of my talks, thanks for your interest, and see you at the next conference. I will upload the slides to both presentations to my web server and notify everyone with a separate posting.
Thursday, November 3. 2005
As usual, I will be attending the International PHP Conference in Frankfurt/Germany again, marking my 7th (or 8th, including the Amsterdam conferences) participation in this event. This year, however, promises to be a very special conference. Exciting things are going to happen; read more in the extended entry.
Continue reading "International PHP Conference 2005"
Sunday, July 10. 2005
Since the weekend, the new website of the Hardened-PHP Project, which I contribute to, is online. In addition to the Hardening Patch for PHP, meanwhile released in version 0.3.2, we will offer a collection of all the advisories we have published as well as further PHP security related content. And: you can hire us as bug hunters to examine your own PHP applications for security problems.
Wednesday, June 29. 2005
No long preamble, update right away! A critical xmlrpc hole is present in all S9Y (Serendipity) versions, as Sebastian Nohn writes.
Direct download: http://www.nohn.net/downloads/serendipity-0.8.2.tar.bz2