Plain text considered harmful: A cross-domain exploit
Benjamin Dumke-von der Ehe posted a proof of concept for a cross-domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...
Perforce Unveils New PHP Security Center by Zend
New PHP Security Center by Zend allows PHP development teams to quickly assess PHP vulnerabilities and exposures by version, type, and severity.
MINNEAPOLIS, June 23, 2020 – Perforce Software, a provider of...
Infection PHP 0.6.2 Released
Infection PHP is an AST-based (Abstract Syntax Tree) PHP mutation testing framework. From the documentation: "Mutation Testing is a fault-based testing technique which provides a testing criterion called the Mutation...
PHPVatch, Top 1M websites leaking PHP versions
With just a few weeks until PHP 5.6 EoL, PHPVatch checks the Alexa Top 1 million websites for those that are leaking their PHP versions.
Only 4.88% of these websites have...
SourceGuardian 12 Released With Full PHP 8 Support
SourceGuardian 12 has just been released with full support for all the new PHP 8 language features. The new version now supports PHP 8 encoding, in addition to named parameters, attributes, union...
Understanding CIDRAM: An Overview of the Advanced Security Tool for Web Servers
CIDRAM (short for "Classless Inter-Domain Routing Access Manager") is a web security tool that helps protect websites from malicious traffic. It uses a combination of IP blocking, HTTP header analysis, and...
Build a secure login with Zend Framework
Enrico Zimuel, a Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...
PHP: The “Right” Way Free eBook
We continue this week's security series with a free eBook titled PHP: The "Right" Way, which claims to be your guide to PHP best practices, coding standards, and authoritative tutorials....
Why is GitHub's new CodeQL security feature not for PHP?
Last year, GitHub acquired the code analysis platform Semmle, and now we can see this acquisition in practice: a new code scanning security feature has just been rolled out for...
Phar Deserialization Exploit in phpBB
RipsTech reported a Phar deserialization to RCE vulnerability in phpBB3, the most famous forum software. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and...