Best Practices

Hope you will are not coming to this page the day you are hit by a malware ! Because the day you discover that your server is compromised by a malware...

Benjamin Dumke-von der Ehe posted a proof of concept for a cross domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...

Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...

Last week, one of the most popular Dark Web hosting services - Daniel’s Hosting - was attacked using a PHP zero-day exploit. The result : the server's root account was also deleted,...

Most of the software security vulnerabilities known to man are preventable by careful development practices. For example, SQL injection can be prevented by separating the user-provided data from the SQL query....

Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...

New PHP Security Center by Zend allows PHP development teams to quickly assess PHP vulnerabilities and exposures by version, type, and severity. MINNEAPOLIS, June 23, 2020 – Perforce Software, a provider of...

The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...

Two months only remaining for PHP5 to get security releases before its official end of life. The version 5 of PHP is powering the web since 2014, however it is no...

Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...