Best Practices

Two months only remaining for PHP5 to get security releases before its official end of life. The version 5 of PHP is powering the web since 2014, however it is no...

Infection PHP is an AST based (Abstract Syntax Tree) PHP Mutation Testing Framework. From the documentation "Mutation Testing is a fault-based testing technique which provides a testing criterion called the Mutation...

Snuffleupagus is a PHP7 module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the...

GlobalPlatform is hosting a free webinar to outline the privacy and security benefits that secure elements bring for the protection of web apps. This webinar will offer insight into its new...

A very serious security issue that has been long standing with PHP have been quietly fixed without being noticed until it was submitted to the OSS security mailing list. The vulnerability...

The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...

Officially, Libsodium will be part of the core extension of PHP 7.2 after RFC vote last week with 37 Yes and 0 No ! Sodium is a new, easy-to-use software library for...

Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...

Most of the software security vulnerabilities known to man are preventable by careful development practices. For example, SQL injection can be prevented by separating the user-provided data from the SQL query....

Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...