Accepted Talks

Title	Extension hacking
Authors	Lars Houmark, Henning Pingel
Abstract	In June and July 2007 a high amount of TYPO3 websites were hacked, partly because of security issues in TYPO3 extensions. Providing secure extensions is becoming more and more important for developers. During our talk we will 1) show how a malicious cracker exploited a security flaw in a TYPO3 extension to become a valid backend admin user, 2) point out the most common types of security issues in TYPO3 extensions and their impact. Here we want to concentrate on SQL Injection flaws and Cross Site Scripting (XSS) vulnerabilities. 3) stress how easy it is to fix or avoid these security issues in many cases.
Target audience	Technical (Developers, Administrators etc.)
Target OS	All
Time schedule	Default
Presentation	Talk
Authors Description