
b2evolution passing the Scanmus test

Posted by fplanque on Nov 13, 2005 in Security info, The Webmaster's Blog

Last week, at PHP Forum Paris 2005, Rasmus Lerdorf (the father of PHP, if you don't know) showcased "Scanmus", a tool he has been developing internally at Yahoo to detect severe security holes in PHP applications.

Of course, I took the opportunity to submit b2evolution as a candidate for the scanner to try all its evil tricks on!

[Image: b2evo passing the Scanmus test]

While I was a little bit worried, since I submitted the not-yet-perfect Phoenix release, the results are pretty comforting about the overall security level provided by b2evolution.

Actually, the only issue detected by the scanner, as explained by Rasmus, is due to the demo server running an older version of PHP. Moreover, it impacts PHP sessions, which b2evolution does not actually use (we'll turn them off on the demo server as well).

Of course, the test cannot be considered definitive, but still, if you compare b2evo's results with average results, you should get an idea about how much work and effort we've been putting into b2evo lately.

If you're interested, you can watch the video! Well, you will see no more than the screen from the picture above (except it moves a little), you won't even see Rasmus on screen, but you'll hear him commenting! ;)

My favorite quote: [Looking at the vulnerability report] "...nothing else?... That's disappointing! :>"

Watch on YouTube: https://youtu.be/_g94H14uNAY

8 comments

Comment from: Lenwood


That’s awesome news! And it reflects the level of support that I have seen over the past 2 months with the recent wave of blog spammers. Thanks to the entire b2evo community. I’m eager to run Phoenix and use some of its new features!

2005-11-14 @ 03:58

Comment from: blueyed

The video is funny. I can even hear François speak.. ;)

The mentioned vulnerability, caused by using PHP’s session management (which was only on the demo site to store whether someone wants to use debugging), has been removed.

2005-11-15 @ 10:25

Comment from: ¥åßßå


Maybe you should send WP a copy ? ;)

¥

2005-11-15 @ 10:34

Comment from: fplanque

I wish I could use google but:

Thanks for your interest in Google Video.

Currently, the playback feature of Google Video isn’t available in your country.

We hope to make this feature available more widely in the future, and we really appreciate your patience.

2005-11-16 @ 20:06

Comment from: laygnuk


This is great :) I feel just so much better (about spam) since the Dawn release already, and can’t wait for the next release :)
Keep up the good work, it’s a pleasure working with B2evolution!

2005-11-18 @ 19:50

Comment from: Sylvestre


Do you know if he plans to release this tool ? (or if you know an equivalent tool)

2005-11-24 @ 20:58

Comment from: Craig Webster


Instead of Google video, why not use the Coral CDN: http://doc.b2evolution.net.nyud.net:8090/media/b2evo_scanmus.mp4

Have an intermediate page which tries to redirect to the CDN version and if it fails have a backup link to the direct download.

2005-12-13 @ 19:18

Comment from: Joachim


Really funny video :)

2005-12-15 @ 12:11

Founded & Maintained by François Planque