mailing list archives
Month of PHP Security 2010 - CALL FOR PAPERS
From: Stefan Esser <stefan.esser () sektioneins de>
Date: Sat, 27 Feb 2010 13:14:05 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Month of PHP Security 2010 - CALL FOR PAPERS
Three years ago, in March 2007, the Hardened-PHP project had organized
the Month of PHP Bugs. During one month more than 40 vulnerabilities in
the PHP interpreter were disclosed in order to improve the overall
security of PHP. Now, three years later, SektionEins GmbH will
continue in the same spirit and organize the Month of PHP Security.
The intention of the Month of PHP Security is to gather the best
research and articles about PHP security topics from the security
community and share them with the rest of the world. This time the goal
is not only to improve the security of PHP itself and applications
directly by fixing security bugs, but also to help PHP developers
around the world to write better and more secure PHP applications.
The Month of PHP Security will be held in May 2010 by SektionEins
GmbH. During the month of May all qualifying entries will be published
at http://php-security.org day by day.
The CFP committee for the Month of PHP Security consists of
1) Johann-Peter Hartmann
2) Stefan Esser
4) Ben Fuhrmannek
The CFP committee will review all submissions and select the list of
articles that will be published on http://php-security.org
* New vulnerability in PHP 
(not simple safe_mode, open_basedir bypass vulnerabilities)
* New vulnerability in PHP related software 
(popular 3rd party PHP extensions/patches)
* Explain a single topic of PHP application security in detail
(such as guidelines on how to store passwords)
* Explain a complicated vulnerability in/attack against a PHP
widespread application 
* Explain a complicated topic of attacking PHP (e.g. explain how to
exploit heap overflows in PHP's heap implementation)
* Explain how to attack encrypted PHP applications
* Release of a new open source PHP security tool
* Other topics related to PHP or PHP application security
 Articles about new vulnerabilities should mention possible
fixes or mitigations.
In case of submitted vulnerabilities SektionEins GmbH will contact
the security team of the software vendor after the submission deadline
and share the vulnerability information with them. Along with the
vulnerability information SektionEins will provide the name of the
submitting party in order to give proper credits.
At the end of May the CFP committee will review the published
material and determine the best entries. Selected winners will
get the following prizes.
1. 1000 EUR + Syscan Ticket + CodeScan PHP License
2. 750 EUR + Syscan Ticket
3. 500 EUR + Syscan Ticket
4. 250 EUR + Syscan Ticket
5.-6. CodeScan PHP License
7.-16. Amazon Coupon of 65 USD/50 EUR
SektionEins reserves the right to disqualify any submitted entry.
While employees of SektionEins can and will submit entries for
the Month of PHP Security they are excluded from receiving prizes.
The 1000 EUR cash prize and the Syscan tickets were generously
sponsored by Syscan. CodeScan PHP Licenses were sponsored by
CodeScan Limited. All other cash and non-cash prizes are sponsored
The winners of the Syscan tickets can choose one of the four
Syscan 2010 conferences to go to. Syscan Tickets include free
admission to the conference, speaker's dinner and speaker party.
Hotel and travelcosts are NOT included.
Please note that non-cash prizes cannot be changed into cash prizes.
Submissions should be sent to cfp () php-security org and consist of the
1) Name and contact information (e-mail, postal address)
2) Employer and/or affiliations
3) Article about one of the allowed topics (at least 1000 words)
4) Optionally additional material like slides, whitepaper in PDF format
All submissions must be in English. The preferred delivery format is
plain text or HTML, but PDF is also accepted. Please pack all the
required items (pictures, text, ...) in a ZIP archive and submit this
ZIP archive by email.
Deadline for submissions is April 11, 2010.
After submission SektionEins GmbH will acknowledge submissions with
a signed email. If you do not receive such an email within one week
after submission, then please contact us at cfp () php-security org
By submitting your article you are granting SektionEins GmbH the rights
to reproduce, distribute, advertise and show your article including but
not limited to http://php-security.org, printed and/or electronic
advertisements, and all other media. However you are still allowed to
publish your own work in whatever way you want.
We would like to thank Syscan and Coseinc for generously offering
1000 EUR cash prize and four tickets to Syscan. If you are interested
in the latest and greatest security research you should really consider
visiting one of the four Syscan conferences. You will find furhter
information at http://www.syscan.org/
Also we would like to thank CodeScan Limited to offer CodeScan for PHP
licenses as a prize. If you are interested in static code analysis for
PHP, you might want to check http://www.codescan.com/.
If you help us to spread the word about the Month of PHP Security
and the open CFP by writing a blog posting about it, you have the
chance to win one of ten 33 USD/25 EUR Amazon Coupons. To participate
you have to write a blog posting about the Month of PHP Security CFP
and send a link to your blog posting to drawing () php-security org
The winners will be announced on May 1, 2010.
Month of PHP Security / php-security.org
SektionEins GmbH / www.sektioneins.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Month of PHP Security 2010 - CALL FOR PAPERS Stefan Esser (Feb 27)