Freelance Word Punk


Wednesday, September 11, 2013

Are PHP SuperGlobals putting Web applications at risk?

In the newly published Imperva 'Hacker Intelligence Initiative Report', the in-the-wild modification and exploitation of PHP SuperGlobal variables has been investigated. This particular external variable modification weakness has been described as being where a PHP application does "not properly protect against the modification of variables from external sources, such as query parameters or cookies". Imperva has seen evidence of SuperGlobal variables being used as a launchpad for remote code execution, remote file inclusion and security filter evasion attacks.
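The weakness quoted above comes down to letting request data choose which variable names get written. The PHP sketch below is an added example, not code from the Imperva report or from this post: it sets a blanket import beside an allowlisted one that refuses SuperGlobal names. The function names, the rule table and the sample request are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Names that request data must never be allowed to set or overwrite.
const SUPERGLOBAL_NAMES = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                           '_SESSION', '_SERVER', '_ENV', '_FILES'];

// Weak pattern, shown for contrast and never called here: every request key
// becomes a variable, so the sender chooses which names get overwritten.
function import_all_unsafe(array $source): array
{
    $page = 'home';
    $is_admin = false;
    extract($source);
    return compact('page', 'is_admin');
}

// Hardened pattern: copy only allowlisted keys, each checked against its own
// rule, and report everything else so it can be logged.
function import_allowlisted(array $source, array $rules): array
{
    $clean = [];
    $rejected = [];
    foreach ($source as $key => $value) {
        $key = (string) $key;
        $reserved = in_array($key, SUPERGLOBAL_NAMES, true);
        if ($reserved || !isset($rules[$key]) || !is_string($value)
            || preg_match($rules[$key], $value) !== 1) {
            $rejected[] = $key;
            continue;
        }
        $clean[$key] = $value;
    }
    return [$clean, $rejected];
}

// Constructed sample standing in for $_GET or $_COOKIE.
$sample = ['page' => 'news', 'is_admin' => '1', '_SESSION' => ['user' => 'x']];
$rules = ['page' => '/\A[a-z]{1,16}\z/'];

[$clean, $rejected] = import_allowlisted($sample, $rules);
print_r(['accepted' => $clean, 'rejected' => $rejected]);
```

Logging the rejected keys gives a detection signal as well: a request parameter or cookie named after a SuperGlobal has no legitimate use in normal traffic.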




Co-founder of IT Security Thing Ltd, Davey Winder is a three-time winner of the Information Security Journalist of the Year award (2006/2008/2010) and received the prestigious Enigma Award for his lifetime contribution to information security journalism in 2011.


