PUBLIC MARKS with tags info-sec & php

It's that time of year again, when I get to work on new features (instead of supporting the old ones). With a major change to the version number of the way I took the opportunity to introduce major improvements too. ModSecurity 2.0.0-dev1 is available right now and it offers the following major improvements:

This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more.

Founded in January 2005, the PHP Security Consortium (PHPSC) is an international group of PHP experts dedicated to promoting secure programming practices within the PHP community. Members of the PHPSC seek to educate PHP developers about security through a variety of resources, including documentation, tools, and standards.

PHP Input Filter - 1.2.2 ..is a free php class that allows developers to easily filter input coming from the user (HTML forms, cookies etc) for a number of reasons. The focus of this tool is on customisation. v1.2.2 features SQL injection support, PHP5 Strict version, as well as several patches and bugfixes. Thanks to everyone who's emailed in to make this much more stable and well-rounded.

This is a list of common security concerns for web applications that can be or should be solved at the application development level with a focus on PHP solutions.

Writing Secure PHP

PHP Vulnerability