Bug reporting contest for new CMS, "Theia", until end of Sep

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
SikoSoft
Forum Newbie
Posts: 6
Joined: Wed Sep 09, 2009 9:16 am

Bug reporting contest for new CMS, "Theia", until end of Sep

Post by SikoSoft »

If you fancy yourself as a bit of a security expert, or are merely someone who likes to tinker with sites to find weaknesses, then you are desperately wanted!

Let me explain... Over the course of many years I've been developing a CMS that I use for several sites. It's been something that has been in development for more than 7 years, and some of the earlier years security wasn't taken nearly as seriously as it should have been. >_< Oh, the system is called "Theia".

Anyhow, now that I have finally started with public beta testing, and would like to wrap up a stable release before the end of the year (which will also be completely free). I worked as a support technician for a php software company, and I know how bad your image can be shattered when folks start discovering injections and so forth. I want to get most of these issues taken down before the stable release, because.. well, otherwise it wouldn't be "stable", would it? ;P

Since I am also looking to get Theia exposed to larger number of people (since only then can it improve), I am holding a contest during the month of September in which the winner will receive $100. The winner is the person who gets the most confirmed or fixed bug reports before September is over. You can receive the prize as an amazon gift certificate or sent to a paypal account. For the rules and more details just look @

http://www.sikosoft.com/item/win_100_by_reporting_bugs

To summarize, Theia, a new PHP CMS is beta and I'd love your help in pointing out all its flaws. People try SQL injections on a regular basis, and so far none have been effective, but it's only a matter of time before something is found, unless I do something! Plus, I don't have just my own security to think about anymore, but other peoples'.

If you do not have a web server you can test out an installation of Theia on, then you're welcome just to look for bugs on our site, since our site uses the most current version of Theia (even more current than the distribution).

Thank you all for your time, and I hope that a few of you tinkerers out there take a look and see what you can find! :) The winner will be notified on October 1st, and will receive payment the same day.

Peace!
Post Reply