Plain text considered harmful: A cross-domain exploit
Benjamin Dumke-von der Ehe posted a proof of concept for a cross domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...
Build a secure login with Zend Framework
Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...
Thanks to a PHP zero-day exploit, 6500 Sites erased from the Dark Web
Last week, one of the most popular Dark Web hosting services - Daniel’s Hosting - was attacked using a PHP zero-day exploit. The result : the server's root account was also deleted,...
Guide to Automatic Security Updates For PHP Developers
Most of the software security vulnerabilities known to man are preventable by careful development practices. For example, SQL injection can be prevented by separating the user-provided data from the SQL query....
Apache : Why you should disable .htaccess
Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...
Perforce Unveils New PHP Security Center by Zend
New PHP Security Center by Zend allows PHP development teams to quickly assess PHP vulnerabilities and exposures by version, type, and severity.
MINNEAPOLIS, June 23, 2020 – Perforce Software, a provider of...
Google Announces the end of SHA-1
The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...
Report : 61.5% of Websites still uses PHP5
Two months only remaining for PHP5 to get security releases before its official end of life. The version 5 of PHP is powering the web since 2014, however it is no...
Cryptographically Secure PHP Development
Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...
Why Github new CodeQL security feature is not for PHP?
Last year, Github acquired the code analysis platform Semmle and now we can see this acquisition in practice : a new code scanning security feature have just been rolled out for...