I attended a session this morning called " PHP Taint Tool: It Ain't a Parser " by Luke Welling. Luke introduced a tool he's working on at OmniTI that is designed to assist in sniffing out where the potential for untrusted input is handled. From the session description: ... You want to see where untrusted input can propagate taint within the application. In complex logic that might mean chasing many possible execution paths. Using an automatic tool to try to follow these paths without running

Hey y'all. I've got some work goin' on that I sure could use a few hands that were real PHP savvy. I'm looking for some short-term and some mid-term consultants to do some experimental work with PHP applications on Windows. I have need for some local (Redmond) and some can work from remote. If you have some real fine PHP skills, including experience with databases, and have a track record of producing results, I'd be happy to hear from you. Tell me... are you up to it? Send me a mail: garretts at