Mayflower Blog

About

Björn Schotte
Avatar von Björn Schotte
Björn Schotte ist geschäftsführender Gesellschafter der Mayflower GmbH und Senior Consultant im Umfeld von Software- und Agilen Organisations-Themen. Er twittert unter @BjoernSchotte und ist auf Xing sowie LinkedIn erreichbar. Seine Vorträge finden sich bei Slideshare.

  • Webmontag Köln: AJAX Security, die Slides

    von

    Björn Schotte

    Webmontag war gestern in Köln. Scheee wars. Proppenvoll, mit sicherlich über 100 Leuten. Und mal wieder fest gestellt, wie klein die Welt doch ist, viele bekannte Leute getroffen und vielleicht dem Einen oder Anderen einen Denkanstoß gegeben, wie man seine Applikationen schrittweise verbessern kann. Ein Dank auch an René Bredlau, der mir den Kölner Webmontag…

  • The Chorizo! International PHP Conference Quiz

    von

    Tobias Kaufmann
    in ,

    On this years conference we did start a quiz regarding security. For those who were not able to visit the Conference I’d like to show the questions asked. Which of the following code lines does really protect against Cross-Site-Scripting? [ ] echo ‚<a href="index.php?name=‘.addslashes($_GET[’name‘]).’">name</a>‘; [ ] echo ‚<a href="index.php?name=‘.strip_tags($_GET[’name‘]).’">name</a>‘; [ ] echo ‚<a href="index.php?name=‘.preg_replace(‚|\W|‘, “,…

  • Announcing Chorizo! Intranet Edition and Chorizo! Security Audits

    von

    Björn Schotte
    in ,

    Live from the International PHP Conference this year, we have some announcements to make: first of all, we’re now officially releasing the Chorizo! Intranet Edition. That’s basically the full Chorizo! software package for your internal corporate environment, installed on one of your servers. Furthermore, you can scan an unlimited number of your own websites (we…

  • Use information disclosure to gather PHP configuration statistics

    von

    Björn Schotte
    in

    Damien Seguy from nexen.net sent an e-mail with a notice about his newest statistics project: „PHP configuration statistics“. He gathered output of around 12,000 public available phpinfo() scripts. Some of the results of his investigations: Here are some funny and not so funny stats. PHP admins likes to compile PHP in Summer Register global is…

  • Chorizo available for French customers: win an iPod Nano!

    von

    Björn Schotte
    in ,

    Today, we’re announcing a reselling partnership between Mayflower GmbH and Waterproof S.A.R.L., makers of PHP IDE PHPEdit and a French based company. They’re reselling the Chorizo! software to their customers and in their local country France. You can view the product page on their website. If you happen to be on Forum PHP in Paris…

  • MySQL Webinar: LAMP – Security for the Web2.0

    von

    Björn Schotte
    in ,

    It has only been two years since Tim O’Reilly coined the phrase Web 2.0 and even shorter time since Jesse James Garret created the shortcut AJAX for the base technology of modern internet applications. In this period the nature of web applications underwent a major change in user experience and development methods. It is the…

  • Code Inclusions on a Silver Plate

    von

    Martin Brotzeller
    in

    Looking for code inclusions? The versatile google cluster has a solution for this, like for many other tasks. This search lang:php \secho\([^)]*_REQUEST[^)]*\); lets You find various places where some variable from the superglobal $_REQUEST is printed with echo. By the same means, you can easily find places where such a variable is directly included in…

  • Buy one XSS, get a CSRF for free

    von

    Johann-Peter Hartmann
    in ,

    Cross Site Request Forging (see http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information) has been around for a while now. It misuses the trust of a web application that every request sent by the browser is wanted by its user.For example, if you know that i am logged in to our blog admin backend most of the time, and…

  • Why you should set display_errors to off

    von

    Björn Schotte
    in ,