Category: Development

  • Code Inclusions on a Silver Plate

    Looking for code inclusions? The versatile Google cluster has a solution for this, as for many other tasks. The search lang:php \secho\([^)]*_REQUEST[^)]*\); lets you find various places where some variable from the superglobal $_REQUEST is printed with echo. By the same means, you can easily find places where such a variable is directly included in…

  • Buy one XSS, get a CSRF for free

    Cross Site Request Forging (see http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information) has been around for a while now. It misuses the trust of a web application that every request sent by the browser is wanted by its user. For example, if you know that I am logged in to our blog admin backend most of the time, and…

  • International PHP Conference 2006

    Expect a great conference this year, with a lineup of great speakers. This time, I would like to thank all the speakers of this and the past 7 (!) conference shows, from PHP Kongress 2000 up to now. It’s great to see such a thriving PHP community over the last 8 years. Come to this…

  • Why staging servers are so important …

    Today's post deals with the question of why so-called staging or QA systems make sense. Anyone who is "new" to this may still deploy their changes directly on the live server. Sometimes, however, it is also the case that the business departments do not want to spend money on it, yet in the same breath complain about why there is an error…

  • Interview with Thomas Bachem, Chief Architect sevenload.de

    [English readers: this is the start of a new series called "/dev/video" (current project name, may change without further notice) which targets PHP and other web application developers and covers interviews with public projects and tech talk between Mayflower employees and other people. The series will be both in English and German, this first video…

  • Web2.0 Security: Why dangers lurk in Web2.0

    From the Symantec Internet Security Threat Report: 69% of all vulnerabilities occur in web applications. The Mitre Corporation CVE database confirms: 21.5% of all vulnerabilities are XSS vulnerabilities. Johann-Peter Hartmann, CTO of Mayflower GmbH, showed at AJAX in Action in Frankfurt this week why Web2.0 and XSS in particular hurt so much: up to 100% of the usual MVC (Model,…

  • Dear readers: Thank You!

    Sebastian Bergmann mentioned the 5 year anniversary of the PHP Magazin in his blog and Kris Köhntopp’s article of the PHP Kongress back in 2000. I have been editor in chief of the PHP Magazin for 5 years now (it was the world’s first print publication dedicated only to PHP) and co-organised the world’s first…

  • Understanding successful tracing of security vulnerabilities

    Web applications can easily become very complex. Several hundred thousand lines of code (no HTML templates!) are usual in larger corporate solutions. This also means that your PHP application follows standards like object-oriented programming, nested classes etc. When it comes down to detecting security vulnerabilities, a lot of tools are available.…
