On Tuesday our CIO, Johann-Peter Hartmann, gave a Web-seminar about security issues in the Web 2.0 era. We had about 140 participants and some very good questions in the following Q&A Session. We would like to thank you for the response and also we´d like to thank Jürgen from MySQL, our webinar-host.

We uploaded our slides as promised. To download them, click here.

If you missed the Web-Seminar you get a chance to see the recording of it here (http://www.mysql.de/news-and-events/on-demand-webinars/security-20070130.php.de).
But be aware: It´s in german!!!

For english readers/speakers: Johann held an english security talk some time ago. Find it here

  [Read more...]

Hi Folks,

This is an announcement for a webinar in German. Therefore only written in German. If you are interested in the security topic be sure to see the english webinar, which is stored here. (http://mysql.com/news-and-events/on-demand-webinars/mayflower-20061109.php)

---

(http://mysql.com/news-and-events/on-demand-webinars/mayflower-20061109.php)

Web-2.0-Anwendungen absichern

Die verbesserte Einsatztauglichkeit der Web-2.0-Anwendungen wird auf Kosten von neuen Sicherheitsproblemen erworben. Sowohl die mächtige Logik im JavaScript als auch der permanente Login auf vielen Sites bergen Risiken, die anders und gezielt beantwortet werden müssen. Dieses Webseminar gibt einen Überblick, bewertet die Probleme und stellt Lösungswege vor.

Wenn Sie Web 2.0- und AJAX-Anwendungen entwickeln, ist dieser Vortrag genau das Richtige für Sie! Hier erfahren

  [Read more...]

Looking for code inclusions?
The versatile google cluster has a solution for this, like for many other tasks.
This search

lang:php \secho\([^)]*_REQUEST[^)]*\);

lets You find various places where some variable from the superglobal $_REQUEST is printed with echo. By the same means, you can easily find places where such a variable is directly included in an SQL query, for instance with

lang:php \smysql_query\([^)]*_REQUEST[^)]*\);

.
This alone yields 50 results for each

  [Read more...]