Announcing the Advent of PHP Application Vulnerabilities25 Nov 2016 by Martin Bednorz
As the year is slowly coming to an end and the Christmas decorations are starting to brighten up the streets, we at RIPS Technologies decided to give back to the wonderful community surrounding PHP and information security. Starting on December 1st, we are going to open one gift of our advent calendar each day until the 24th. Our gifts are technical blog posts about specific real-world security vulnerabilities in open-source PHP applications that examine PHP security characteristics and how to avoid common pitfalls.
At RIPS Technologies we continually scan open-source projects with our award-winning static code analysis solution RIPS for further analysis improvement. As we grew up with open-source software all around us and used it for many projects, we are now in the unique position to be able to give back to the open-source community and provide it with best-in-class security analysis. This way we can help open-source projects to remmediate overlooked security issues and to make the web a safer place.
Each day, starting from December 1st, we are going to release one blog post until the 24th. Typically, our posts are going to cover one critical security vulnerability in a popular open-source PHP application that was found using RIPS. Each post will provide insights into different aspects of web application security issues and help developers to better understand the selected issue. In addition, we demonstrate how invaluable static code analysis is to find critical security issues in large code bases. All detected security vulnerabilities were reported responsibly to the affected vendors beforehand in a timely manner.
If you can not wait until December 1st you can already have a look at some bugs we found in the past. Our vulnerability database highlights a list of security vulnerabilities in popular open-source software that were found using RIPS and references related blog posts and demo reports of our tool.
We wish all our readers a nice December season and a safe year 2017!
Follow us on Twitter to be notified when the next gift of our advent calendar is opened!
APAV Time Table
Disclaimer: The information provided here is for educational purposes only. It is your responsibility to obey all applicable local, state and federal laws. RIPS Technologies GmbH assumes no liability and is not responsible for any misuse or damages caused by direct or indirect use of the information provided.