Search:

Blog Posts Tagged with "PHP"

959779642e6e758563e80b5d83150a9f

Applications vs. the Web: Enemy or Friend?

March 16, 2012 Added by:Danny Lieberman

A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Stealth Code for New Mutation of PHP Bot Infector

February 21, 2012 Added by:Brent Huston

I found a new mutation of a PHP bot infector, with zero percent detection by AV software. When I decoded the PHP backdoor I got 17 AV hits on it. This leads to the question about evasion techniques and how effective anti-virus applications are at doing code de-obfuscation...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

System Compromise: What the Heck is a FeeLCoMz String?

February 03, 2012 Added by:Brent Huston

If you find those strings, they usually indicate other PHP scanners, worms or attack tools have compromised the system. Now, if you don’t find those, it does NOT mean the system is safe, the list of all of those relevant strings would be too large and dynamic to manage...

Comments  (0)

C9f10ffa24531c96d85e0445499fd1e4

Browser-Based Malware: Decoding a PHP Backdoor

October 20, 2011 Added by:john melvin

This article is not an analysis of the backdoor, but instead describes the methodology and techniques used to decipher malicious code embedded and encoded in a seemingly normal web page. The following is a snippet of the PHP code that caught my attention and began my investigation...

Comments  (1)

959779642e6e758563e80b5d83150a9f

Configuring Web 2.0 Applications to be Friendly But Secure

February 25, 2011 Added by:Danny Lieberman

In the course of a security audit/penetration test of a social networking Web site this week that was developed and deployed on Ubuntu, I was reminded yet again that we all have something to learn. Even Linux geeks...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Understanding PHP RFI Vulnerabilities

June 14, 2010 Added by:Brent Huston

A large majority of publicly disclosed vulnerabilities are PHP related. In 2009, 5733 PHP Remote File Inclusion vulnerabilities were disclosed. In situations where exploiting PHP RFI is possible, most likely SQL Injection and Cross Site Scripting are all possible. This is due to the exploits having the same root cause or lacking input validation.

Comments  (0)


Most Liked


Latest Member Comments

"I thought this article discuss a very important issue of security.If we have well developed technology in one particular field then we ..."

Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013

"ATM machine are for our convenience but if we are not careful they can compromise our safety. Discount theater tickets "

ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013

"A expressive case study is used to explore causation in order to find underlying principles. Case studies may be prospective in which c..."

New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013

"In the social sciences and life sciences a case study or case report is a descriptive or descriptive analysis of a someone, group or ev..."

Case Study: A Cloud Security Assessment... Caitlin Rachel on 05-21-2013
Latest Posts