Norway


On their blog, have shared a wrap-up of their security advent calendar shared at the end of last year. The provided a daily challenge related to a security issue that may or may not be commonly known.

In this years PHP Security Advent Calendar we published 24 challenges for the PHP community where security issues were hidden in code snippets for fun and training. The challenges are based on -world security vulnerabilities that we found with the help of RIPS over the last year in popular PHP applications. In this blog post we are going to discuss the main take-aways from our calendar regarding PHP security.

The calendar covered several different types of challenges but they fell into a few overall categories: issues with user input, weak typing, odd behavior of built-in features and the overall diversity of possible bugs.

The root cause for the security issues presented in our challenges are not new. But the diversity and combination of these pitfalls are sheer endless that trick even skilled . What looks secure at first sight quickly turns into an exploitable security bug. […] We would like to thank everyone who participated, discussed, and provided great feedback and we hope our challenges helped in sharpening your security skills in a fun way!



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here