Home |  MySQL Buzz |  FAQ |  Feeds |  Submit your blog feed |  Feedback |  Archive |  Aggregate feed RSS 2.0 English Deutsch Español Français Italiano 日本語 Русский Português 中文
Showing entries 1 to 6

Displaying posts with tag: Chorizo (reset)

We did talk about Web-2.0 Security
+0 Vote Up -0Vote Down

On Tuesday our CIO, Johann-Peter Hartmann, gave a Web-seminar about security issues in the Web 2.0 era. We had about 140 participants and some very good questions in the following Q&A Session. We would like to thank you for the response and also we´d like to thank Jürgen from MySQL, our webinar-host.

We uploaded our slides as promised. To download them, click here.


If you missed the Web-Seminar you get a chance to see the recording of it here (http://www.mysql.de/news-and-events/on-demand-webinars/security-20070130.php.de).
But be aware: It´s in german!!!

For english readers/speakers: Johann held an english security talk some time ago. Find it here



  [Read more...]
Web-2.0 Security
+0 Vote Up -0Vote Down

Hi Folks,

This is an announcement for a webinar in German. Therefore only written in German. If you are interested in the security topic be sure to see the english webinar, which is stored here. (http://mysql.com/news-and-events/on-demand-webinars/mayflower-20061109.php)


(http://mysql.com/news-and-events/on-demand-webinars/mayflower-20061109.php)

Web-2.0-Anwendungen absichern

Die verbesserte Einsatztauglichkeit der Web-2.0-Anwendungen wird auf Kosten von neuen Sicherheitsproblemen erworben. Sowohl die mächtige Logik im JavaScript als auch der permanente Login auf vielen Sites bergen Risiken, die anders und gezielt beantwortet werden müssen. Dieses Webseminar gibt einen Überblick, bewertet die Probleme und stellt Lösungswege vor.

Wenn Sie Web 2.0- und AJAX-Anwendungen entwickeln, ist dieser Vortrag genau das Richtige für Sie! Hier erfahren

  [Read more...]
MySQL Webinar: LAMP - Security for the Web2.0
+0 Vote Up -0Vote Down

It has only been two years since Tim O'Reilly coined the phrase Web 2.0 and even shorter time since Jesse James Garret created the shortcut AJAX for the base technology of modern internet applications. In this period the nature of web applications underwent a major change in user experience and development methods.

It is the age of integrated communication. Content is created using rich interfaces by users for others users, collected by feed aggregators, collaboratively bookmarked, tagged, complemented by maps and delivered as a service for mash-ups. A good portion of this services a supplied by the LAMP (Linux, Apache, MySQL, PHP / Python / Perl). Since every technology has its dark companion, new security risks arose, and others grew more important.

If you are

  [Read more...]
Understanding successful tracing of security vulnerabilities
+0 Vote Up -0Vote Down

Web applications can easily become very complex. Several hundreds of thousands of lines of code (no HTML templates!) is usual at larger corporate solutions. This also means that your PHP applications follows the standards like object oriented programming, nested classes etc.

When it comes down to detect security vulnerabilities, a lot of tools are available. In a previous post I told you that we developed Chorizo! mainly because we needed a tool that checks for security vulnerabilities (both XSS issues and server side issues) very easily. I think our GUI is very nice :-)

In a previous post I introduced Morcilla to you (see video here and here and

  [Read more...]
SQL injections for dummies - and how to fix them (Update)
+0 Vote Up -0Vote Down

Well, database operations are bread-and-butter work for most PHP applications. PHP and MySQL, for example, have been like brother and sister for many years. You may have heard about "SQL injections", a bad taste from the outside world of $_GET, $_POST, $_COOKIE and the like.

Everybody should know that you shouldn't pass variables from outside unfiltered to i.e. mysql_query. Of course, sometimes this can slip through because we are human and humans make errors. The initial development of Chorizo! was driven by our own need to make it easier for our developers to detect potential security issues and fix them in a second. With Morcilla, our server-side PHP extension, life will be much easier, especially when you turn display_errors = Off in your php.ini settings which won't give a hint to potential attackers that a modified GET

  [Read more...]
Commoditizing PHP security
+0 Vote Up -0Vote Down

We think it's time to commoditize PHP web application security. You may have heard of Chorizo!. We're proud to announce that from now on it's possible to register for a free account on chorizo-scanner.com.

With this free account, it's possible to use the Chorizo! application service as a proxy and scan 1 host. All scan datas are encrypted, your data is only visible to you. There are also some valuable help documents available that explain the whole process from registering up to uploading the signature file onto your host and how to analyze the results. Please note: as Chorizo! is an application service, you can only scan your hosts that are publicly available or

  [Read more...]
Showing entries 1 to 6

Planet MySQL © 1995, 2014, Oracle Corporation and/or its affiliates   Legal Policies | Your Privacy Rights | Terms of Use

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.