Winners of the Month of PHP Security

June 10th, 2010

The Month of PHP Security is over and the MOPS CFP Committee has made a final decision about the ranking of the articles and tools submitted to us. And the winners are…

Related Event: Returning into the PHP Interpreter – Remote Exploitation of Memory Corruptions in PHP is not over, yet.

May 21st, 2010

On 18th of June 2010 Stefan Esser will present his PHP memory corruption exploitation talk at SyScan Singapore ‘10. The talk is about returning into the PHP interpreter from a remotely triggered memory corruption vulnerability in PHP. The vulnerability discussed will not be disclosed to the public during the Month of PHP Security.

Related Event: PHP Security Course – Advanced PHP Auditing at Source and Bytecode level

May 19th, 2010

Two weeks after the Month of PHP Security closes Stefan Esser will teach an advanced PHP security course at the SyScan Singapore security conference. The course will cover advanced techniques to audit PHP applications for security problems at source code and bytecode level. Don’t miss your chance to learn howto find PHP application security vulnerabilities from our PHP security expert himself.

Winners of the “CFP Spread the Word” Drawing

May 4th, 2010

Within our Call For Papers for Month of PHP Security we asked the general public to help us spread the word by blogging about the Month of PHP Security Call For Paper in order to make it more popular and increase the chance to get good submissions. As thank you we promised to draw ten names from the list of people that blogged about our call for paper and notify us about that and give them each a 25 EUR / 33 USD Amazon coupon.

Welcome to the Month of PHP Security

May 1st, 2010

We welcome you to the Month of PHP Security 2010. This initiative continues the effort of Hardened-PHP’s Month of PHP Bugs from 2007 to improve the security of PHP and the PHP ecosystem. During the Month of May 2010 we will post every day at least one new vulnerabilities in PHP and one new vulnerability in a PHP applications. In addition to that every other day we will post an article about a PHP security topic or a new PHP security tool. Among these articles and tools are those that were submitted to us during the Month of PHP Security CFP.

We also want to use this initial announcement to thank our sponsors again that made this event possible. Thank you SyScan 2010, thank you SektionEins GmbH and thank you Codescan Ltd..

We hope you will enjoy the Month of PHP Security and maybe even learn a few new things from the posted content.