I went through today and reorganized the PHP Application Security pages on the WACT Wiki. This mini wiki within a wiki is one of the most popular pages there. While the page has been popular, it hasn’t attracted much contribution.
I broke the existing entries up into four main categories. There is a lot of structure here and thin content. Hopefully this will form an attractive nuisance for a collaborative effort to fill in some of the entries.
- A Catalog of Security Vulnerabilities – Bad Security Smells.
- A Catalog of Security Attacks – Attacks against PHP Applications and how to foil them.
- A Catalog of Security Sensitive Functions – A List of PHP functions and their security implications.
- A Catalog of Secure Practices – Best practices for secure applications.
I’ll probably start filling in the information the next time I go out of town and have internet access. I find it soothing when I am away from my standard development environment to google for security articles and summarize the information on the wiki. That’s how these pages were born.
Yes, I’m a geek.
Catalog links are empty.
I think it’s a good resource. We’ve linked to it in the PHPSC Library:
http://phpsec.org/library/
I’m not sure what to tell you about attracting more contributions. I’ve been considering something that utilizes http://del.icio.us/ for making our library more useful and current. Maybe you can consider something similar – people can contribute links and descriptions by tagging something with “wact-phpsec”, and your work can be reduced to moderating these submissions.
Anyway, that’s a random idea I’ve been working with. Let me know if you think of something particularly creative.
Links fixed. Thanks for letting me know.
Thanks, Chris,
http://del.icio.us/tag/php+security might work just as well.
Hi Jeff, Just wanted to let you know that your RSS feed is full of what appears to be BBCode rather than HTML. Thought you’d like to know.
I had the same problem as Sam did.
Keep up the good job.