Ruan Müller » Databases

PHP Interpreter Modified To Find XSS and Injection Holes, Automatically Generates Attacks

Ruan — Fri, 19 Jun 2009 22:46:23 +0000

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.

The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.

There is also a table of results from analysis done against several PHP web applications

Via: darkREADING

Intel, Oracle Team on Encryption to Protect Data in Enterpise Cloud Computing, Open Virtualization Standards

Ruan — Wed, 24 Sep 2008 21:56:15 +0000

Oracle and Intel are now working together on enterprise Could Computing that will use encryption for improved privacy on data, the two companies said at this week’s OracleWorld conference.

Data encryption was mentioned as part of a larger agreement which also calls for collaboration around greater database performance for corporate clouds and mutual work on Web standards for cloud provisioning and management, as well as on the Open Virtual Format (OPF) for porting virtual machine images across platforms.

The collaboration will revolve around Intel Virtualization Technology (VT) and Oracle Grid Computing technologies such as Oracle’s database, Real Application Clusters (RAC), Automatic Storage Management, Application Grid, Enterprise Manager, and VM.

Setting up an AMP stack on FreeBSD

Ruan — Sun, 03 Aug 2008 03:24:06 +0000

Linux.com has a detailed step by step installation procedure for installing Apache, MySQL and PHP on FreeBSD using the ports collection. Some extra steps are taken to secure the installation and you end up with a nice multifunctional FreeBSD+AMP setup with very little effort.