Encoding, JavaScript, even over HTTP headers. LOL, I love this post because there are quite a bit of ways, and way too many to list. Daniel, I really appreciate this post, and your consulting company looks really great.

On Thu, Oct 20, 2011 at 4:15 PM, Ben Sgro <b...@projectskyline.com> wrote:
> Hello Dan,
>
>> but it'd be good to know which holes are currently being exploited.
>
> Well of course it would be, but I think we can safely assume it's unpatched
> known exploits in common popular software platforms (wordpress, drupal
> modules, etc) or 0days against the same.
>
> We'll see soon enough.
>
> For those of you who are not familiar with OWASP, take a minute to review.
> There is a ton of great security related information and methodologies there.
>
> - Ben
>
> On Oct 20, 2011, at 3:48 PM, Daniel Convissor wrote:
>
>> Hi:
>>
>> http://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts/
>>
>> Alas, it only looks at the results of the attack, not how the attacks
>> are getting through in the first place. Of course, this is how:
>> https://www.owasp.org/index.php/PHP_Top_5#P1:_Remote_Code_Execution
>> but it'd be good to know which holes are currently being exploited.
>>
>> --Dan
>>
>> --
>> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
>> data intensive web and database programming
>> http://www.AnalysisAndSolutions.com/
>> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
>> _______________________________________________
>> New York PHP Users Group Community Talk Mailing List
>> http://lists.nyphp.org/mailman/listinfo/talk
>>
>> http://www.nyphp.org/Show-Participation