Best Practices

Last week, one of the most popular Dark Web hosting services - Daniel’s Hosting - was attacked using a PHP zero-day exploit. The result : the server's root account was also deleted,...

Since the PHPSecInfo is no longer updated, there is a similar tool which is recent, updated and could provides you with common security best practices for your PHP installations. Written by...

Infection PHP is an AST based (Abstract Syntax Tree) PHP Mutation Testing Framework. From the documentation "Mutation Testing is a fault-based testing technique which provides a testing criterion called the Mutation...

Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...

The spammer blog posted about bypassing XSS Auditor, a tool built-in Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your page....

The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...

Essential PHP Securityby Chris ShiflettChris Shiflett have just announced the launch of PHPSecurity.org, the companion web site for his new book, Essential PHP Security. I have already announced the launch of...

Yesterday a friend was requesting a MYSQL/PHP Consultant to speed up his websites, and today I was reading few comments and solutions on his facebook : Use APC, mem_cache for PHP,...

While we are talking about unsecure PHP installations, we'll be sharing this week lots of tips and tricks about PHP security. If a PHP version is considered unsecure, it doesn't necessary...

Eric Kerr pointed in his blog to a vulnerability in Facebook like button which basically allow an attacker to trick you into Liking something without your discretion. How the attack works: 1....