[Phpmyadmin-devel] Assuring Security by testing
ossipov at inf.fu-berlin.de
Thu May 1 12:41:33 CEST 2008
I've been investigating phpMyAdmin within my Bachelor's thesis
of security test tools in open source" at the Free University of Berlin
(FU Berlin).
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities especially with security test
phpMyAdmin is probably the most popular MySQL web front-end.
I have searched across the homepage, wiki, the mailing list and repo.
I have noticed some things, I'd like to remark:
A security response team handles security vulnerabilities and patches
You've been suffering quite a lot of XSS in the past. You
introduced a security token.
Finally, most releases do include security fixes.
I am sure that you do anything you can to assure security.
Concluding from the XSS attacks and eventually SQL injection (from which
most php apps suffer), does this team
or any other group/person take any measures to assure security with
testing tools, with a special test plan or functional requirements?
I guess the first step would be to turn off "register_globals".
Additionally, there seem to be some great fuzzers out there for website
testing and SQL injection like Wfuzz or Absinthe.
Thanks in advance,