CipherSweet, fast searchable field-level encryption for PHP projects
CipherSweet is a backend library developed by Paragon Initiative Enterprises for implementing searchable field-level encryption. The library answers the question "How do we securely encrypt database fields but still use these fields in...
Webinar: Securing Your Infrastructure Before, During and After Deployment
Snyk is organizing a webinar on October 14, 2020, at 3:00 pm CET, titled "Securing Your Infrastructure Before, During and After Deployment". There will be three speakers from respectively Snyk, Pulumi, and...
PHP Security Advent Calendar 2018
For the third year in a row, RipsTech has launched the PHP Security Advent Calendar; the 2018 edition analyzes security bugs in the most widespread WordPress plugins.
The first two...
Apache: Why you should disable .htaccess
Sincerely, I can't agree with James Hayden that the $500 million Healthcare.gov website failed due to an Apache misconfiguration, because a half-billion website should not exist at all! But totally...
Symfony security: Disclosure of uploaded files full path
Fabien Potencier has just published a new security issue, CVE-2018-19789, related to the disclosure of the full path of uploaded files, which affects versions 2.7.0 to 2.7.49, 2.8.0 to 2.8.48, 3.0.0 to 3.4.19,...
Essential PHP Security and its web companion
Chris Shiflett has just announced the launch of PHPSecurity.org, the companion web site for his new book, Essential PHP Security. I have already announced the launch of...
PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library
Officially, Libsodium will be part of the core extension of PHP 7.2, after last week's RFC vote with 37 Yes and 0 No! Sodium is a new, easy-to-use software library for...
The Spanner Blog: Bypassing XSSAuditor
The Spanner blog posted about bypassing XSS Auditor, a tool built into Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your page....
Understanding CIDRAM: An Overview of the Advanced Security Tool for Web Servers
CIDRAM (short for "Classless Inter-Domain Routing Access Manager") is a powerful web security tool that helps protect websites from malicious traffic. It uses a combination of IP blocking, HTTP header analysis,...
Top PHP Security and Malware Scanners
Hope you are not coming to this page the day you are hit by malware! Because the day you discover that your server is compromised by malware...