May Is Month of PHP Security

Tuesday May 11th 2010 by Developer.com Staff

May is the Month of PHP Security, and so far 20 security flaws have been reported in PHP itself as well as in PHP applications.

May is the "Month of PHP Security," and 20 security flaws have been found in the open source PHP language itself as well as in PHP applications.

More than half of the bugs affect PHP itself. For example, the PHP functions preg_quote() and html_entity_decode() have what is called an interruption information leak vulnerability, discovered by Stefan Esser.

The Month of PHP Security is a continuation of "the effort of Hardened-PHP's Month of PHP Bugs in 2007 to improve the security of PHP and the PHP ecosystem by disclosing vulnerabilities in PHP and PHP applications on the one hand and on the other hand by publishing articles and tools that help PHP application developers to develop more secure PHP applications."

In addition to security bug notices, the group also publishes articles about how to write secure PHP applications.

One article every PHP developer should read is "Generating Unpredictable Session IDs and Hashes" by Jordi Boggiano.
