[WEB SECURITY] AT&T exposes /etc/passwd , bad php

Andrew van der Stock vanderaj at owasp.org
Sat Aug 1 02:11:14 EDT 2009

Hi there,

I'd love to talk to the folks @ Zend if they're interested.

I'd also like to talk to PHP core and propose fixes for things that  
need fixing in the language proper, like session management, logging,  
etc, which are native security issues rather than extensions. mhash  
and mcrypt should be standard on every build.

I need a few more developers for ESAPI for PHP as well. If you're  
interested and can code in OO PHP, please mail me privately.


On 31/07/2009, at 7:32 PM, Erwin Geirnaert wrote:

> Hi list,
> We created a whitepaper comparing OWASP ESAPI & ZEND (the popular PHP
> framework), see
> http://www.zionsecurity.com/downloads/whitepapers/whitepaper-zend---owas
> Main conclusion was that ZEND should use OWASP ESAPI for PHP :)
> I would love to see some comments or feedback from Andrew and the  
> list.
> Best regards,
> Erwin

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn

More information about the websecurity mailing list