Why Github new CodeQL security feature is not for PHP?
Last year, Github acquired the code analysis platform Semmle and now we can see this acquisition in practice : a new code scanning security feature have just been rolled out for...
Cryptographically Secure PHP Development
Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...
PHPIDS, PHP-Intrusion Detection System for your Apps
While we are talking about unsecure PHP installations, we'll be sharing this week lots of tips and tricks about PHP security. If a PHP version is considered unsecure, it doesn't necessary...
The PHPHack that Broke Password Hashing
PHP recently suffered a bug in its password hashing algorithm that could lead to security vulnerabilities in applications. The bug, which was discovered and reported by researchers from Paragon Initiative Enterprises,...
PHP’s long standing security issue with OPCache leaking sensitive data Fixed
A very serious security issue that has been long standing with PHP have been quietly fixed without being noticed until it was submitted to the OSS security mailing list. The vulnerability...
Perforce Unveils New PHP Security Center by Zend
New PHP Security Center by Zend allows PHP development teams to quickly assess PHP vulnerabilities and exposures by version, type, and severity.
MINNEAPOLIS, June 23, 2020 – Perforce Software, a provider of...
Build a secure login with Zend Framework
Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...
Understanding CIDRAM: An Overview of the Advanced Security Tool for Web Servers
CIDRAM (short for "Classless Inter-Domain Routing Access Manager") is a web security tool that helps protect websites from malicious traffic. It uses a combination of IP blocking, HTTP header analysis, and...
Webinar : Securing Your Infrastructure Before, During and After Deployment
Synk is organizing a webinar on October 14, 2020 3:00 pm CET titled securing your infrastructure before, during and after deployment. There will be three speakers from respectively Synk, Pulumi, and...
Thanks to a PHP zero-day exploit, 6500 Sites erased from the Dark Web
Last week, one of the most popular Dark Web hosting services - Daniel’s Hosting - was attacked using a PHP zero-day exploit. The result : the server's root account was also deleted,...