Best Practices

This category covers the best practices for writing high-quality, secure, and maintainable PHP code. Topics covered include coding standards, testing, optimization, security, and deployment.


Top PHP Security and Malware Scanners

We hope you are not coming to this page on the day you are hit by malware! Because the day you discover that your server is compromised by malware...

Why is GitHub's new CodeQL security feature not for PHP?

Last year, GitHub acquired the code analysis platform Semmle, and now we can see this acquisition in practice: a new code scanning security feature has just been rolled out for...

Perforce Unveils New PHP Security Center by Zend

New PHP Security Center by Zend allows PHP development teams to quickly assess PHP vulnerabilities and exposures by version, type, and severity. MINNEAPOLIS, June 23, 2020 – Perforce Software, a provider of...

Symfony security: Disclosure of uploaded files' full path

Fabien Potencier has just published a new security issue, CVE-2018-19789, related to the disclosure of uploaded files' full path, that affects versions 2.7.0 to 2.7.49, 2.8.0 to 2.8.48, 3.0.0 to 3.4.19,...

PHP Security Advent Calendar 2018

For the third year in a row, RipsTech launched the PHP Security Advent Calendar 2018, and this year it will analyze security bugs in the most widespread WordPress plugins. The first two...

Phar deserialization Exploit in phpBB

RipsTech reported a Phar deserialization to RCE vulnerability in the most famous forum software, phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and...

SensioLabs Security Checker Version 5 recommended

If you are using SensioLabs Security Checker, make sure you are using only version 5, Fabien Potencier recommended. The SensioLabs Security Checker is a command line tool that checks...

CipherSweet, fast searchable field-level encryption for PHP projects

CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption. The library answers the question "How do we securely encrypt database fields but still use these fields in...

Thanks to a PHP zero-day exploit, 6500 Sites erased from the Dark Web

Last week, one of the most popular Dark Web hosting services - Daniel’s Hosting - was attacked using a PHP zero-day exploit. The result: the server's root account was also deleted,...

PHPVatch, Top 1M websites leaking PHP versions

With just a few weeks until PHP 5.6 EoL, PHPVatch checks which of the Alexa Top 1 million websites are leaking their PHP versions. Only 4.88% of these websites have...
