
Month of PHP Security

In 2007 the Hardened-PHP Project, set up by three German security researchers, organised the Month of PHP Bugs (MOPB). The ‘Month of Bugs’ concept was started by none other than HD Moore back in 2006 with his Month of Browser Bugs (MoBB), which found security holes in most of the popular browsers. Since then there have been many ‘Months of Bugs’, including the Month of Kernel Bugs (MoKB), Month of Apple Bugs, Month of Twitter Bugs and Month of Facebook Bugs.

So why a Month of Bugs?
“The intention of the Month of PHP Security is to gather the best research and articles about PHP security topics from the security community and share them with the rest of the world. This time the goal is not only to improve the security of PHP itself and applications directly by fixing security bugs, but also to help PHP developers around the world to write better and more secure PHP applications.”

Back in 2007 the MOPB disclosed 46 security bugs within PHP’s core, PHP’s extensions and the Zend Engine. The security vulnerabilities ranged from XSS within PHP 4’s phpinfo() and a mod_security bypass to multiple buffer overflows. This year the MOPB will be held in May, with a PHP security bug disclosed each day.

This year one lucky security researcher will have the chance to win 1000 EUR for their submission, and others have the chance to win other cash prizes. Unfortunately we were a little slow on this, and the submission deadline for all of you interested in the 1000 EUR pot of gold has passed. Nonetheless, MOPB should be disclosing some pretty interesting security holes, which we will be keeping our eye on.

Posted on 28 April, 2010 by ethicalhack3r
