Hardening Framework plans to support PHP
The Hardening Framework is a security automation framework that applies secure default configuration while allowing customization for each deployment. It adds a layer into your automation framework, that configures your operating...
Behind the Scenes of Wikipedia’s Migration to HHVM
As we have previously announced, Wikipedia migrated its platform to HHVM and we have found some interesting details on their experience posted by Ori Livneh in a Wikimedia blog post. Today...
PHP: The “Right” Way Free eBook
We continue this week's security series with a free eBook titled PHP : The "Right" Way, which claims to be your guide to PHP best practices, coding standards, and authoritative tutorials....
INISCAN, The PHP ini scanner for best security practices
Since the PHPSecInfo is no longer updated, there is a similar tool which is recent, updated and could provides you with common security best practices for your PHP installations. Written by...
What about relaunching the PHP Security Consortium?
The PHP Security Consortium was first launched in 2005, but since that date the initiative didn't see any new development even if it contributed with many interesting security resources to the...
Essential PHP Security Book Reviewed
I have announced this book when it was first published in December 2005, Nine years ago or almost ! Today we are sharing with you a more detailed review of this...
PHPIDS, PHP-Intrusion Detection System for your Apps
While we are talking about unsecure PHP installations, we'll be sharing this week lots of tips and tricks about PHP security. If a PHP version is considered unsecure, it doesn't necessary...
74% of PHP Installations are unsecure, You should upgrade !
Anthony Ferrara, Google developer advocate, grabbed our attention this new year's eve with a blog showing over 78% of unsecure PHP installs ! That's pretty huge, especially if we know that...
Plain text considered harmful: A cross-domain exploit
Benjamin Dumke-von der Ehe posted a proof of concept for a cross domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...
Anthony Ferrara: Preventing CSRF Attacks
Anthony Ferrara wrote on his blog few steps to prevent CSRF attacks, also as a follow-up to a discussion previously started on this blog and on twitter also. First he defined...