web application security

Related Event: Returning into the PHP Interpreter – Remote Exp...

Planet PHP  Fri, 05/21/2010 - 03:16

On the 18th of June 2010, Stefan Esser will present his PHP memory corruption exploitation talk at SyScan Singapore ’10.

The talk is about returning into the PHP interpreter from a remotely triggered memory corruption vulnerability in PHP.

The vulnerability discussed will not be disclosed to the public during the Month of PHP Security.

Returning into the PHP Interpreter

Remote Exploitation of Memory Corruptions in PHP is not over, yet.

Announcing the Web Application Security Scanner Evaluation Crite...

Linux Today  Thu, 10/08/2009 - 21:02

Web Application Security Consortium: "Web Application Security Scanners are automated tools to test web applications for common security problems such as Cross-Site Scripting, SQL Injection, Directory Traversal, insecure configurations, and remote command execution vulnerabilities."

WASC Honeypot Opens Up With Open Source mod_security

Linux Today  Wed, 07/29/2009 - 08:02

InternetNews: "The idea behind the IT security concept known as the honeypot is all about luring hackers into a server or network so they can be tracked.

The Web Application Security Consortium (WASC) has its own particular brand of honey to attract would-be attackers -- a blend of open source and open proxies."