Ineffective use of add_escape_custom() in library/patient.inc leads to SQL injection in OpenEMR 6.0.0-dev, 5.0.2(5).
Yii2 is one of the popular PHP frameworks, with a name that is difficult to read. Correct use of frameworks significantly reduces development time and also covers most security issues. This does not, of course, mean that Yii2 applications are absolutely safe, since there is always a human factor in any system. This short note… Continue reading A note on Yii2 code generation safe usage
The Standoff is a unique cyber environment created by IT and information security specialists for the secure development of IT infrastructure, which allows you to simulate the digital twin of a modern metropolis and demonstrate how cybercriminals can affect its high-tech infrastructure. The Standoff virtual city contains the same hardware and software components with all… Continue reading We won The Standoff 2020
Presented a report at Open Sysconf’19 about PHP backdoors with my colleague @joe1black. The report considered backdoors of different levels, common and uncommon, with examples. The PDF is in Russian.