The Spanner Blog : Bypassing XSSAuditor
The spammer blog posted about bypassing XSS Auditor, a tool built-in Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your page....
PHP 7.2: The First Programming Language to Add Modern Cryptography to its Standard Library
Officially, Libsodium will be part of the core extension of PHP 7.2 after RFC vote last week with 37 Yes and 0 No ! Sodium is a new, easy-to-use software library for...
74% of PHP Installations are unsecure, You should upgrade !
Anthony Ferrara, Google developer advocate, grabbed our attention this new year's eve with a blog showing over 78% of unsecure PHP installs ! That's pretty huge, especially if we know that...
Behind the Scenes of Wikipedia’s Migration to HHVM
As we have previously announced, Wikipedia migrated its platform to HHVM and we have found some interesting details on their experience posted by Ori Livneh in a Wikimedia blog post. Today...
Thanks to a PHP zero-day exploit, 6500 Sites erased from the Dark Web
Last week, one of the most popular Dark Web hosting services - Daniel’s Hosting - was attacked using a PHP zero-day exploit. The result : the server's root account was also deleted,...
Essential PHP Security and its web companion
Essential PHP Securityby Chris ShiflettChris Shiflett have just announced the launch of PHPSecurity.org, the companion web site for his new book, Essential PHP Security. I have already announced the launch of...
Google Announces the end of SHA-1
The first SHA1 collision have just been announced in a blog post by a team from google and CWI Amsterdam. In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash...
Facebook Like Clickjacking Vulnerability
Eric Kerr pointed in his blog to a vulnerability in Facebook like button which basically allow an attacker to trick you into Liking something without your discretion.
How the attack works:
1....
HTML5 Security Realities
Brad Hill from Paypal, shared a very interesting slides that he presented during W3Conf 2013, which was held in San Fransisco on February 21, and 22. In the presentation you can find real...
Anthony Ferrara: Preventing CSRF Attacks
Anthony Ferrara wrote on his blog few steps to prevent CSRF attacks, also as a follow-up to a discussion previously started on this blog and on twitter also. First he defined...