Spamming vulnerable application; Phone spamming; email spamming

Spamming is a common issue found in web apps. The places where it can be done, when vulnerable, are mostly application modules that send notifications by “email/phone” or perform operations such as “database insertion/file creation on server”.

If the application cannot identify a forged request and processes the same request several times, an attacker can use it to spam a registered user, or any user, depending on the application's behavior.
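One way a notification handler can refuse forged and repeated requests, shown as an added example that is not the demo app's code: each form gets a single-use token bound to the session, and each recipient gets a send budget. The function names, the in-memory stores and the limits (5-minute token, 3 messages per hour) are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)  # server-side key (assumed per deployment)
TOKEN_TTL = 300                   # assumed: a form token is valid for 5 minutes
MAX_SENDS, WINDOW = 3, 3600       # assumed policy: 3 messages per recipient per hour

_used_tokens = set()              # in-memory for the demo; use a shared store in production
_sent = defaultdict(deque)        # recipient -> timestamps of accepted sends

def _mac(session_id, ts, nonce):
    msg = f"{session_id}|{ts}|{nonce}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(session_id, now=None):
    """Create a single-use token bound to the session; embed it in the form."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"

def send_notification(session_id, recipient, token, now=None):
    """Return 'sent' or a rejection reason; the real mail/SMS call would go at the end."""
    now = time.time() if now is None else now
    try:
        ts, nonce, mac = token.split(".")
        issued = int(ts)
    except ValueError:
        return "rejected: malformed token"
    if not hmac.compare_digest(mac.encode(), _mac(session_id, ts, nonce).encode()):
        return "rejected: forged token"
    if now - issued > TOKEN_TTL:
        return "rejected: expired token"
    if token in _used_tokens:
        return "rejected: replayed request"
    _used_tokens.add(token)       # burn the token before doing any work
    window = _sent[recipient]
    while window and now - window[0] >= WINDOW:
        window.popleft()          # forget sends that are older than the window
    if len(window) >= MAX_SENDS:
        return "rejected: recipient rate limit"
    window.append(now)
    return "sent"
```

The token check stops the same captured request from being accepted twice, and the per-recipient window caps the damage when someone keeps requesting fresh tokens.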

Below is the demo link and source to the spamming vulnerable app.

Demo Download source

I am a PHP Lover

They say PHP’s biggest strength is its omnipresence and easy-to-do behavior. Since anything can be achieved using PHP, it runs on every current OS out there. I see it as a blessing and a curse. PHP’s biggest weak point is that it is easy to learn.

I still see horrible, insecure PHP web apps out there. Many non-developers picked it up and didn’t know to consider security. It has created the perception that PHP itself is insecure when the problem was within the frameworks and modules built on top of it.

Facebook/Yahoo, though, have taken PHP to a scale beyond consideration and, even better, they’ve tackled issues with caching, deployment, operations etc. and shared most of it back with the world as well.