Thanks to a PHP zero-day exploit, 6500 Sites erased from the Dark Web
Last week, one of the most popular Dark Web hosting services, Daniel's Hosting, was attacked using a PHP zero-day exploit. The result: the server's root account was also deleted,...
Snuffleupagus, Experimental Security Module for PHP 7
Snuffleupagus is a PHP7 module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the...
Facebook Like Clickjacking Vulnerability
Eric Kerr pointed in his blog to a vulnerability in the Facebook Like button which basically allows an attacker to trick you into Liking something without your consent.
How the attack works:
1....
Google Announces the end of SHA-1
The first SHA-1 collision has just been announced in a blog post by a team from Google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...
PHP Security Advent Calendar 2018
RipsTech has launched, for the third year in a row, the PHP Security Advent Calendar 2018; this year it analyzes security bugs in the most widespread WordPress plugins.
The first two...
How Composer Avoids Dependency Chain Attacks
In a blog post, Nils Adermann, co-founder of Packagist, explained how Composer manages dependency confusion and avoids the security issues that other package managers caused for big companies such as Apple,...
The Balancing Act of Web Security and Performance: How to Keep Your Website Safe...
In today's digital landscape, websites and web applications have become essential tools for businesses and individuals alike. With this increased reliance on online presence comes the need for robust security measures...
Ciphersweet, Fast searchable field-level encryption for PHP projects
CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption. The library comes to answer the question "How do we securely encrypt database fields but still use these fields in...
Symfony security: Disclosure of uploaded files' full path
Fabien Potencier has just published a new security issue, CVE-2018-19789, related to the disclosure of uploaded files' full path, which affects versions 2.7.0 to 2.7.49, 2.8.0 to 2.8.48, 3.0.0 to 3.4.19,...
The Spanner Blog: Bypassing XSSAuditor
The Spanner blog posted about bypassing XSS Auditor, a tool built into Chrome and IE and enabled by default to prevent XSS attacks, or just to stop some weird things being done to your page....