PHP: The “Right” Way Free eBook
We continue this week's security series with a free eBook titled PHP : The "Right" Way, which claims to be your guide to PHP best practices, coding standards, and authoritative tutorials....
PHPVatch, Top 1M websites leaking PHP versions
With just few weeks until PHP 5.6 EoL, PHPVatch checks top 1 million websites from Alexa Top 1 million sites which are leaking their PHP versions
Only 4.88% of these websites have...
PHP’s long standing security issue with OPCache leaking sensitive data Fixed
A very serious security issue that has been long standing with PHP have been quietly fixed without being noticed until it was submitted to the OSS security mailing list. The vulnerability...
Webinar : Securing Your Infrastructure Before, During and After Deployment
Synk is organizing a webinar on October 14, 2020 3:00 pm CET titled securing your infrastructure before, during and after deployment. There will be three speakers from respectively Synk, Pulumi, and...
Hardening Framework plans to support PHP
The Hardening Framework is a security automation framework that applies secure default configuration while allowing customization for each deployment. It adds a layer into your automation framework, that configures your operating...
SensioLabs Security Checker Version 5 recommended
If you are using SensioLabs Security Checker, then make sure you are using only the version number five, recommended Fabien Potencier.
https://twitter.com/fabpot/status/1065864144732241920?s=09
The SensioLabs Security Checker is a command line tool that checks...
Snuffleupagus, Experimental Security module for php7
Snuffleupagus is a PHP7 module designed to drastically raise the cost of attacks against websites. This is achieved by killing entire bug classes and providing a powerful virtual-patching system, allowing the...
Essential PHP Security Book Reviewed
I have announced this book when it was first published in December 2005, Nine years ago or almost ! Today we are sharing with you a more detailed review of this...
Webinar : Protecting Web Apps with Secure Components
GlobalPlatform is hosting a free webinar to outline the privacy and security benefits that secure elements bring for the protection of web apps. This webinar will offer insight into its new...
Phar deserialization Exploit in phpBB
RipsTech reported a Phar Deserialization to RCE in the most famous forum software phpBB3. The vulnerability allows attackers who gain access to an administrator account to execute arbitrary PHP code and...