I’ve found this image in a PDF presentation document and I feel like sharing:
I found this plugin a few days ago and I would like to share it with everybody, since it may help secure the web. This plugin scans the WordPress installation folder for patterns usually found in exploits/trojans/malware web scripts. The plugin produces quite a few false positive alerts, but it’s also very easy to spot suspicious code in suspicious files.
It would be nice if… read full article
I used to use Coppermine Photo Gallery for http://gallery.erata.net but today I’ve decided to close it down. The number of vulnerabilities (most of them critical) discovered over the years got me thinking. You can see what I mean here: http://www.milw0rm.com/search.php?dong=coppermine. 3 vulnerabilities found in the first two months of 2009. 4 in 2008. This reminds me of… read full article
Here goes… my first security-related post
First I must say that this will not be a way to prove that your application is secure; it will only be a quick & dirty way of finding common bugs in web applications. The following will be a few techniques that I tend to use the first time I see a web application (and generally a database application). I will use PHP for the few code examples, but the vulnerabilities presented are not limited to PHP; in fact they are independent of the server-side programming language used.… read full article