[WEB SECURITY] Re: Validating new PHP code

Robert Jones drjonesac2 at gmail.com
Thu May 19 14:48:47 EDT 2005


I just purchased securemycode.org. Sound good to everyone?

On 5/19/05, Bob Radvanovsky <rsradvan at unixworks.net> wrote:
> I can have a server, patched and ready, with some blogging software within a
> few days.  Got any preferences?  I also had made suggestions of contribution
> to the group as my part of contribution to the overall cause.
> 
> Check it out: http://www.unixworks.com.  I would do this for **FREE**.  Disk
> of about 20-40 GB, RedHat FC3 (patched), Apache 2, PHP 4, MySQL, Perl 5.6,
> etc, etc.
> 
> What'ya say?
> 
> LEGAL DISCLAIMER: Contingencies are that: (1) not used for posting exploits,
> warex, or porno (as Emil would say, "gotta keep it 'G'"); (2) someone is the
> maintainer of the articles and postings as the "head librarian"; (3) I
> retain control of the server -- no root given to anyone for any reason; (4)
> no flaming, no spitting, no hacking, etc.; (5) discussions are about and for
> securification methods, measures, and countermeasures for web-based
> applications and their environments.
> 
> ===========
> 
> I will make it **FREE** for this group as my contribution to the group.
> I've got too little time to deal with this right now, esp. with a book that
> I've got coming out in a few months (and am alerady working on Book #2).  I
> wanna help, and wanna do 'da right thing, but not at the expense of
> compromising my network, or promoting the 'black arts' of the Art of
> Hacking.  Anyone who can make a suitable offer -- and mean it -- step
> forward.  Otherwise, I will have something ready (hopefully) soon.
> 
> I'm thinking of using some blogging software for this -- any suggestions
> (outside of phpBB or Invision)?
> 
> Bob Radvanovsky, CISM, CIFI, REM, CIPS
> [/unixworks] "knowledge squared is information shared"
> rsradvan at unixworks.com | http://www.unixworks.com
> (630) 673-7740 [OFFICE] | (412) 774-0373 [FAX]
> 
> *** DISCLAIMER NOTICE ***
> 
> This electronic mail ("e-mail") message, including any and/or all
> attachments, is for the sole use of the intended recipient(s), and may
> contain confidential and/or privileged information, pertaining to business
> conducted under the direction and supervision of Bob Radvanovsky and/or
> UNIXWORKS, as well as is the property of Bob Radvanovsky and/or UNIXWORKS
> and/or its affiliates, or otherwise protected from disclosure.  All
> electronic mail messages, which may have been established as expressed views
> and/or opinions (stated either within the electronic mail message or any of
> its attachments), are left at the sole discretion and responsibility of that
> of the sender, and are not necessarily attributed to either Bob Radvanovsky
> or UNIXWORKS. Unauthorized interception, review, use, disclosure or
> distribution of any such information contained within this electronic mail
> message and/or its attachment(s), is(are) strictly prohibited. As this
> e-mail may be legally privileged and/or confidential and is intended only
> for the use of the addressee(s), no addressee should forward, print, copy,
> or otherwise reproduce this message in any manner that would allow it to be
> viewed by any individual not originally listed as a recipient. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any unauthorized disclosure, dissemination, distribution, copying or the
> taking of any action in reliance upon the information herein is strictly
> prohibited. If you have received this communication in error, please notify
> the sender immediately, followed by the deletion of this or any related
> message.
> 
> ----- Original Message -----
> From: "BigA" <biga at ez-net.com>
> To: <websecurity at webappsec.org>
> Sent: Thursday, May 19, 2005 12:02 PM
> Subject: RE: [WEB SECURITY] Re: Validating new PHP code
> 
> 
> > Hello,
> >
> > I would be willing to assist with this.  Back in my younger years, I was
> an
> > admin for "hackingzone" (sigh)... we did have a 5 level sql game that was
> > featured on securityfocus, however.
> >
> > I also run a few php based sites around.  I have over 5 years of php/mysql
> > experience.
> >
> > I've always wanted a place like this too :)
> >
> >
> > -BigA
> >
> > -----Original Message-----
> > From: Robert Jones [mailto:drjonesac2 at gmail.com]
> > Sent: Thursday, May 19, 2005 11:04 AM
> > To: websecurity at webappsec.org
> > Subject: [WEB SECURITY] Re: Validating new PHP code
> >
> > Yeah it would be nice if there was a place that you could post
> > snippets of your code for peer review. I have $15 and some webspace.
> > Maybe I could start something. I will have to look into it.
> >
> > On 5/19/05, Robert Jones <drjonesac2 at gmail.com> wrote:
> > > Hello,
> > >
> > > I am writing a web portal application for a small business. It will
> > > handle their internal sales and web sales. I am curious to know if
> > > there is a place online to post my code for security review.
> > > --
> > > Robert Jones
> > > drjonesac2 at gmail.com
> > >
> >
> >
> > --
> > Robert Jones
> > drjonesac2 at gmail.com
> >
> > ---------------------------------------------------------------------
> > The Web Security Mailing List
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives
> > http://www.webappsec.org/lists/websecurity/archive/
> >
> >
> >
> > ---------------------------------------------------------------------
> > The Web Security Mailing List
> > http://www.webappsec.org/lists/websecurity/
> >
> > The Web Security Mailing List Archives
> > http://www.webappsec.org/lists/websecurity/archive/
> 
> 
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
> 
> 


-- 
Robert Jones
drjonesac2 at gmail.com

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list