Looks like my latest article is up on Midwest Tech Journal. Check it out if you’d like to read an analysis of a zero-day PHP cross-site-scripting attack that happened on a client’s site.
Midwest Technology Journal – PHP Web Application Security: A Zero-Day Exploit Case Study
On December 29, 2004 James Bercegay of the GulfTech Security Research Team (http://www.gulftech.org/) published a security vulnerability advisory about a web-based calendar application called php-Calendar. This is the advisory notice he posted on his website, and that was also published on the 29th of December by the network security research site Zone-H.org (http://www.zone-h.org).