What about relaunching the PHP Security Consortium?
The PHP Security Consortium was first launched in 2005, but since that date the initiative didn't see any new development even if it contributed with many interesting security resources to the...
Essential PHP Security Book Reviewed
I have announced this book when it was first published in December 2005, Nine years ago or almost ! Today we are sharing with you a more detailed review of this...
PHPIDS, PHP-Intrusion Detection System for your Apps
While we are talking about unsecure PHP installations, we'll be sharing this week lots of tips and tricks about PHP security. If a PHP version is considered unsecure, it doesn't necessary...
74% of PHP Installations are unsecure, You should upgrade !
Anthony Ferrara, Google developer advocate, grabbed our attention this new year's eve with a blog showing over 78% of unsecure PHP installs ! That's pretty huge, especially if we know that...
Plain text considered harmful: A cross-domain exploit
Benjamin Dumke-von der Ehe posted a proof of concept for a cross domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...
Anthony Ferrara: Preventing CSRF Attacks
Anthony Ferrara wrote on his blog few steps to prevent CSRF attacks, also as a follow-up to a discussion previously started on this blog and on twitter also. First he defined...
The Spanner Blog : Bypassing XSSAuditor
The spammer blog posted about bypassing XSS Auditor, a tool built-in Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your page....
HTML5 Security Realities
Brad Hill from Paypal, shared a very interesting slides that he presented duringĀ W3Conf 2013, which was held in San Fransisco on February 21, and 22. In the presentation you can findĀ real...
Facebook Like Clickjacking Vulnerability
Eric Kerr pointed in his blog to a vulnerability in Facebook like button which basically allow an attacker to trick you into Liking something without your discretion.
How the attack works:
1....
Build a secure login with Zend Framework
Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...