Security

The PHP Security Consortium was first launched in 2005, but since that date the initiative didn't see any new development even if it contributed with many interesting security resources to the...

I have announced this book when it was first published in December 2005, Nine years ago or almost ! Today we are sharing with you a more detailed review of this...

While we are talking about unsecure PHP installations, we'll be sharing this week lots of tips and tricks about PHP security. If a PHP version is considered unsecure, it doesn't necessary...

Anthony Ferrara, Google developer advocate, grabbed our attention this new year's eve with a blog showing over 78% of unsecure PHP installs ! That's pretty huge, especially if we know that...

Benjamin Dumke-von der Ehe posted a proof of concept for a cross domain exploit using plain text, available mainly in Firefox using Proxy objects and possibly in Chrome if you enable...

Anthony Ferrara wrote on his blog few steps to prevent CSRF attacks, also as a follow-up to a discussion previously started on this blog and on twitter also. First he defined...

The spammer blog posted about bypassing XSS Auditor, a tool built-in Chrome and IE and enabled by default to prevent XSS attacks or just doing some weird things to your page....

Brad Hill from Paypal, shared a very interesting slides that he presented during W3Conf 2013, which was held in San Fransisco on February 21, and 22. In the presentation you can find real...

Eric Kerr pointed in his blog to a vulnerability in Facebook like button which basically allow an attacker to trick you into Liking something without your discretion. How the attack works: 1....

Enrico Zimuel, Zend consultant in Italy, wrote an interesting article on how to create a secure login with Zend Framework. The sample application uses Zend_Form, Zend_Auth_Adapter_DbTable, Zend_Session, Zend_Config and Zend_Db_Table. The...