ZendCon 2007 - Day 0 - Tutorials
Today begins my coverage of ZendCon 2007. This is the first entry and covers Day 0... the Tutorials. Today started with a $4 muffin. As the first day of festivities but not yet the conference, breakfast...
Vulnerability Disclosure / dotProject
In the past week, a few people have called me to task about referencing the dotProject vulnerability in the Project Importer Release and Risk Management Module update without giving details or even...
The Electoral College: An Analogy
This space is usually politics-free. Today I take a diversion from that course to make an argument about a political background from a technical perspective. One of the best principles of software...
Credit Card Information and You
It seems that at least once a week, I have a customer or see another developer ask a simple question: How do I store credit card information? The simplest way to attack the problem: Don't. Seriously....
The First Rule for Software Development
Recently I taught a class of bright-eyed, bushy-tailed PHP'ers just getting their start in the world. They haven't done their first production application and we were working in the "safe" confines of...
On Disaster Planning
Last week, I was teaching the Security Class for php|architect and talked not only about protecting your applications from security vulnerabilities but what to do after you've found (or have been...
web2project Security Vulnerability
Late last month, I received some bad news about web2project... It turns out that web2project was vulnerable to a handful of select Cross Site Scripting (XSS) vulnerabilities. While the...
Social Media for Social Evil - Part I Impersonation
This is the first of what is intended to be a three part series. I've used this space to talk about the concepts of Open Source Intelligence using Social Networks with the early analysis focused on...
Social Media for Social Evil - Part III Research
This is the third of what is intended to be a three part series. To catch up, read "Social Media for Social Evil - Part I: Impersonation" and "Social Media for Social Evil - Part II: Network Analysis"....
web2project Permissions Crash Course
One of the most common configurations out there is related to allowing web2project users to have access to only specific companies. While it's not as simple as saying "users should only see things from...
Enemy Unit Testing
A few months ago, I came across this article about 'Enemy Unit Testing'. It sounds like a strange term, but when you think about it, the concept makes sense. If you write good unit tests, they confirm...
On Reporting Problems
Chris Shiflett recently wrote on the inherent problems that go along with disclosing bugs in web applications (specifically security holes). I believe he took the responsible route of reporting the...