AppSec Blog: Category - php

AppSec Blog:

HTML5: Risky Business or Hidden Security Tool Chest?

I was lucky to be allowed to present about how to use HTML5 to improve security at the recent OWASP APPSEC USA Conference in New York City. OWASP now made a video of the talk available on YouTube for anybody interested.

Safer Software through Secure Frameworks

We have to make it easier for developers to build secure apps, especially Web apps. We can't keep forcing everybody who builds an application to understand and plug all of the stupid holes in how the Web works on their own - and to do this perfectly right every time. It's not just wasteful: it's … Continue reading Safer Software through Secure Frameworks

Taming the Beast - The Floating Point DoS Vulnerability

Originally posted as Taming the Beast The recent multi-language numerical parsing DOS bug has been named the "Mark of the Beast". Some claim that this bug was first reported as early as 2001.This is a significant bug in (at least) PHP and Java. Similar issues have effected Ruby in the past. This bug has left … Continue reading Taming the Beast - The Floating Point DoS Vulnerability

Top 25 Series - Rank 17 - Integer Overflow Or Wraparound

The author discussion integers, wraparound and how random numbers may very much be non random if you don't know how to read the manual.

What should be part of a PHP Streetfighter API

Do we need a quick and dirty PHP Streetfighter API? Something to help lazy developers beat up lazy exploits? Something that can be written in 24hrs and learned in less then 1hr? If you are interested in using it, let me know.