PHP Security Advent Calendar 2018
RipsTech launched for the third year in a row the PHP security Advent Calendar 2018, and this year will be analyzed security bugs in the most widespread WordPress plugins.
The first two...
Cryptographically Secure PHP Development
Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...
Phar deserialization Exploit in phpBB
RipsTech reported a Phar Deserialization to RCE in the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and...
Build a secure login with Zend Framework
Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...
Report : 61.5% of Websites still uses PHP5
Two months only remaining for PHP5 to get security releases before its official end of life. The version 5 of PHP is powering the web since 2014, however it is no...
Ciphersweet, Fast searchable field-level encryption for PHP projects
CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption. The library come to answer the question "How do we securely encrypt database fields but still use these fields in...
What about relaunching the PHP Security Consortium?
The PHP Security Consortium was first launched in 2005, but since that date the initiative didn't see any new development even if it contributed with many interesting security resources to the...
INISCAN, The PHP ini scanner for best security practices
Since the PHPSecInfo is no longer updated, there is a similar tool which is recent, updated and could provides you with common security best practices for your PHP installations. Written by...
Infection PHP 0.6.2 Released
Infection PHP is an AST based (Abstract Syntax Tree) PHP Mutation Testing Framework. From the documentation "Mutation Testing is a fault-based testing technique which provides a testing criterion called the Mutation...
Apache : Why you should disable .htaccess
Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...
Latest articles
Get Started with Laravel Volt: A Free Full Stack Laravel App...
Laravel Volt is an admin dashboard template that offers a comprehensive design and development toolbox for personal and commercial projects. It comes with handcrafted...
