PHP’s long standing security issue with OPCache leaking sensitive data Fixed
A very serious security issue that has been long standing with PHP have been quietly fixed without being noticed until it was submitted to the OSS security mailing list. The vulnerability...
Google Announces the end of SHA-1
The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...
PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library
Officially, Libsodium will be part of the core extension of PHP 7.2 after RFC vote last week with 37 Yes and 0 No ! Sodium is a new, easy-to-use software library for...
Cryptographically Secure PHP Development
Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...
Guide to Automatic Security Updates For PHP Developers
Most of the software security vulnerabilities known to man are preventable by careful development practices. For example, SQL injection can be prevented by separating the user-provided data from the SQL query....
Apache : Why you should disable .htaccess
Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...
Hardening Framework plans to support PHP
The Hardening Framework is a security automation framework that applies secure default configuration while allowing customization for each deployment. It adds a layer into your automation framework, that configures your operating...
Behind the Scenes of Wikipedia’s Migration to HHVM
As we have previously announced, Wikipedia migrated its platform to HHVM and we have found some interesting details on their experience posted by Ori Livneh in a Wikimedia blog post. Today...
PHP: The “Right” Way Free eBook
We continue this week's security series with a free eBook titled PHP : The "Right" Way, which claims to be your guide to PHP best practices, coding standards, and authoritative tutorials....
INISCAN, The PHP ini scanner for best security practices
Since the PHPSecInfo is no longer updated, there is a similar tool which is recent, updated and could provides you with common security best practices for your PHP installations. Written by...