Security-Database
Security-Database helps your corporation foresee and avoid any security risks that may impact your IT. We deliver on our promise, test us today!
Security-Database is operated by one of the best European security expert teams. Since 2006, we have been pulling together our expertise into an innovative and cutting-edge technology. Based on proven open standards, our software solution helps your teams anticipate, in real time, and resist any attack on your key assets. We will help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications. And the beauty of it: it's free.
Intensively testing our new PSR2 and PSR4 code base. Will be v3 proof. Update will be in production soon.
Rewriting lots of our code to be PSR-2/PSR-4 compliant. Ouch ;) Need moral support ;) Really.
Back to business
Yeah 2000! Thanks to all!
28/07/2016
Wow! Tricky!!
How we broke PHP, hacked Pornhub and earned 20.000$ | Bug Bounties - Evonide
We audited Pornhub, then PHP and broke both. In particular, we have gained remote code execution on pornhub.com and have earned a 20.000$ bug bounty.
22/07/2016
Working on full implementation. A little bit tricky. Need to have sometimes and and propagate the right one between alerts...
28/06/2016
https://www.security-database.com/toolswatch/Handle-of-the-CPE-Deprecated.html
CPE Deprecated Dictionary integration
This update is one of our biggest ’technical’ updates. We will now fully handle the CPE Deprecated Dictionary made by NVD. Thousands of lines of code, tests, checks, re-checks and more. Again, our data quality, but also our alerts, will be greater. But what is "Deprecated CPE Dictionary"? It means that w...
CPEDict 2.2 and 2.3 need a cleanup… For example, proxysg has 3 Parts (o/h/a), and in 2.3v, min 2 names proxysg and sgos… Grrr
Seeing the light, but have underestimated the work to implement Deprecated CPE. Especially when we needed to update users' CPE. Lots of test cases. Everything is done. Testing and testing again before Production!
Reply from NVD: cpe:/h:::::~~~x86~~ is a good CPE and complies with the standard but is not intended to be included in the official CPE dictionary, but can be used by security tools to identify potentially vulnerable platform configurations.
OK, it complies, but really? It means a vulnerability affects all x86 hardware? We will not include this one ;)
Working hard on the CPE Dictionary. We have found some incoherence like cpe:/h:::::~~~x86~~ or cpe:/o:linux or cpe:/o:microsoft. Improving our service to pass old Deprecated CPE to new CPE. Not a lot of code to rewrite, but a lot of verification ;)