Security

A very serious security issue that has been long standing with PHP have been quietly fixed without being noticed until it was submitted to the OSS security mailing list. The vulnerability...

The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...

Officially, Libsodium will be part of the core extension of PHP 7.2 after RFC vote last week with 37 Yes and 0 No ! Sodium is a new, easy-to-use software library for...

Paragon Initiative Enterprises shared an interesting piece to Cryptographically Secure PHP Development. The article could be considered as additional resources to rules for programming cryptography code in C and point to...

Most of the software security vulnerabilities known to man are preventable by careful development practices. For example, SQL injection can be prevented by separating the user-provided data from the SQL query....

Sincerely, I can't agree with James Hayden that the $500 millions Healthcare.gov website failed due to an Apache misconfiguration, because a half billion website should not exist at all ! But totally...

The Hardening Framework is a security automation framework that applies secure default configuration while allowing customization for each deployment. It adds a layer into your automation framework, that configures your operating...

As we have previously announced, Wikipedia migrated its platform to HHVM and we have found some interesting details on their experience posted by Ori Livneh in a Wikimedia blog post. Today...

We continue this week's security series with a free eBook titled PHP : The "Right" Way, which claims to be your guide to PHP best practices, coding standards, and authoritative tutorials....

Since the PHPSecInfo is no longer updated, there is a similar tool which is recent, updated and could provides you with common security best practices for your PHP installations. Written by...