Last week, at PHP Forum Paris 2005, Rasmus Lerdorf (the father of PHP if you don't know) showcased "Scanmus", a tool he's been developping internally at Yahoo in order to detect any severe security holes in PHP applications.
Of course, I took the opportunity to submit b2evolution as a candidate for the scanner to try all its evil tricks on!
While I was a little bit worried, since I submitted the not-yet-perfect Phoenix release, the results are pretty comforting about the overall security level provided by b2evolution.
Actually, the only issue detected by the scanner, as explained by Rasmus, is due to the demo server running an older version of PHP. Moreover it impacts PHP sessions, which b2evolution does not actually use (we'll turn them off on the demo server as well).
Of course, the test cannot be considered definitive, but still, if you compare b2evo's results with average results, you should get an idea about how much work and effort we've been putting into b2evo lately.
If you're interested, you can watch the video! Well, you will see no more than the screen from the picture above (except it moves a little), you won't even see Rasmus on screen, but you'll hear him commenting!
My favorite quote: [Looking at the vulnerability report] "...nothing else?... That's disappointing! "
Watch on Youtube: https://youtu.be/_g94H14uNAY