b2evolution passing the Scanmus test

Posted by fplanque on Nov 13, 2005 in Security info, The Webmaster's Blog

Last week, at PHP Forum Paris 2005, Rasmus Lerdorf (the father of PHP if you don't know) showcased "Scanmus", a tool he's been developing internally at Yahoo in order to detect any severe security holes in PHP applications.

Of course, I took the opportunity to submit b2evolution as a candidate for the scanner to try all its evil tricks on!

[Image: b2evo passing the Scanmus test]

While I was a little bit worried, since I submitted the not-yet-perfect Phoenix release, the results are pretty comforting about the overall security level provided by b2evolution.

Actually, the only issue detected by the scanner, as explained by Rasmus, is due to the demo server running an older version of PHP. Moreover it impacts PHP sessions, which b2evolution does not actually use (we'll turn them off on the demo server as well).

Of course, the test cannot be considered definitive, but still, if you compare b2evo's results with average results, you should get an idea about how much work and effort we've been putting into b2evo lately.

If you're interested, you can watch the video! Well, you will see no more than the screen from the picture above (except it moves a little), you won't even see Rasmus on screen, but you'll hear him commenting! ;)

My favorite quote: [Looking at the vulnerability report] "...nothing else?... That's disappointing! :>"

Watch on Youtube: https://youtu.be/_g94H14uNAY

8 comments

Comment from: Lenwood Visitor

That’s awesome news! And it reflects the level of support that I have seen over the past 2 months with the recent wave of blog spammers. Thanks to the entire b2evo community. I’m eager to run Phoenix and use some of its new features!

2005-11-14 @ 03:58

Comment from: blueyed Member

The video is funny. I can even hear François speak.. ;)

The mentioned vulnerability because of using PHP’s session management (which was just on the demo site to store if someone wants to use debugging) is removed.

2005-11-15 @ 10:25

Comment from: ¥åßßå Visitor

Maybe you should send WP a copy ? ;)

¥

2005-11-15 @ 10:34

Comment from: fplanque Member

I wish I could use google but:

Thanks for your interest in Google Video.

Currently, the playback feature of Google Video isn’t available in your country.

We hope to make this feature available more widely in the future, and we really appreciate your patience.

2005-11-16 @ 20:06

Comment from: laygnuk Member

This is great :) I feel just so much better (about spam) since the dawn release already, and can’t wait for the next release :)
Keep up the good work, it’s a pleasure working with B2evolution!

2005-11-18 @ 19:50

Comment from: Sylvestre Visitor

Do you know if he plans to release this tool ? (or if you know an equivalent tool)

2005-11-24 @ 20:58

Comment from: Craig Webster Visitor

Instead of Google video, why not use the Coral CDN: http://doc.b2evolution.net.nyud.net:8090/media/b2evo_scanmus.mp4

Have an intermediate page which tries to redirect to the CDN version and if it fails have a backup link to the direct download.

2005-12-13 @ 19:18

Comment from: Joachim Visitor

really funny video :)

2005-12-15 @ 12:11


Founded & Maintained by François Planque