Security

RipsTech reported a Phar Deserialization to RCE in the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and...

Most of the software security vulnerabilities known to man are preventable by careful development practices. For example, SQL injection can be prevented by separating the user-provided data from the SQL query....

RipsTech launched for the third year in a row the PHP security Advent Calendar 2018, and this year will be analyzed security bugs in the most widespread WordPress plugins. The first two...

The PHP Security Consortium was first launched in 2005, but since that date the initiative didn't see any new development even if it contributed with many interesting security resources to the...

Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...

Two months only remaining for PHP5 to get security releases before its official end of life. The version 5 of PHP is powering the web since 2014, however it is no...

CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption. The library come to answer the question "How do we securely encrypt database fields but still use these fields in...

Officially, Libsodium will be part of the core extension of PHP 7.2 after RFC vote last week with 37 Yes and 0 No ! Sodium is a new, easy-to-use software library for...

Anthony Ferrara, Google developer advocate, grabbed our attention this new year's eve with a blog showing over 78% of unsecure PHP installs ! That's pretty huge, especially if we know that...

As we have previously announced, Wikipedia migrated its platform to HHVM and we have found some interesting details on their experience posted by Ori Livneh in a Wikimedia blog post. Today...