Essential PHP Security and its web companion
Chris Shiflett has just announced the launch of PHPSecurity.org, the companion web site for his new book, Essential PHP Security. I have already announced the launch of...
Infection PHP 0.6.2 Released
Infection PHP is an AST-based (Abstract Syntax Tree) PHP Mutation Testing Framework. From the documentation: "Mutation Testing is a fault-based testing technique which provides a testing criterion called the Mutation...
INISCAN, The PHP ini scanner for best security practices
Since PHPSecInfo is no longer updated, there is a similar tool that is recent, updated, and can provide you with common security best practices for your PHP installations. Written by...
Understanding CIDRAM: An Overview of the Advanced Security Tool for Web Servers
CIDRAM (short for "Classless Inter-Domain Routing Access Manager") is a web security tool that helps protect websites from malicious traffic. It uses a combination of IP blocking, HTTP header analysis, and...
How Composer Avoids Dependency Chain Attacks
In a blog post, Nils Adermann, co-founder of Packagist, explained how Composer manages dependency confusion and avoids the security issues that other package managers caused for big companies such as Apple,...
The Balancing Act of Web Security and Performance: How to Keep Your Website Safe...
In today's digital landscape, websites and web applications have become essential tools for businesses and individuals alike. With this increased reliance on online presence comes the need for robust security measures...
PHPVatch, Top 1M websites leaking PHP versions
With just a few weeks until PHP 5.6 EoL, PHPVatch checks the top 1 million websites from the Alexa Top 1 Million list for sites that are leaking their PHP versions.
Only 4.88% of these websites have...
Google Announces the end of SHA-1
The first SHA-1 collision has just been announced in a blog post by a team from Google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...
Facebook Like Clickjacking Vulnerability
Eric Kerr pointed out in his blog a vulnerability in the Facebook Like button that allows an attacker to trick you into Liking something without your consent.
How the attack works:
1....
The PHPHack that Broke Password Hashing
PHP recently suffered a bug in its password hashing algorithm that could lead to security vulnerabilities in applications. The bug, which was discovered and reported by researchers from Paragon Initiative Enterprises,...