Published News » Security
Recently word has spread about the WordPress password reset exploit. Any version of WordPress from version 2.8.3 down is vulnerable. The exploit will allow anyone to reset the admin password of a WordPress-powered blog by simply adding parameters in the URL's query string.
There was a recent question about a PHP security checklist on a forum I frequent, and I’ve decided to write my own comprehensive checklist to fill the void. There’s something for everyone but the security expert. In fact, you might find an issue that you never thought about.
Pete LePage works as a PM on the Internet Explorer team working with developer security. He stopped by the studio today to give us some tips as surfers, as well as a few tips for developers, on some of the things that can help prevent security threats. In 2008 a study showed that about 70% of attacks on web sites were from cross-site scripting. Pete goes through three security topics that every d
I got asked to review a fairly large piece of PHP code recently and, whoooo boy, was I in for a treat (treat as in clawing my eyes out with a rusty spoon while listening to Nickelback, as interpreted by Dr Zoidberg. In reverse). No cup of heavenly blessed Kopi Luwak coffee, poured into a cup of golden banana leaves by naked triplets could counter the massive damage done to my corneas or, for that
In our previous post “Writing secure codes in PHP” we discussed the most basic tips on creating secure PHP applications. Here we provide more insight into one of the threats discussed.
It may considerably reduce XSS attack possibilities, if not completely eradicate them. XSS, or Cross Site Scripting, is probably the most common security problem in web applications that engage in heavy user input. If you’ve ever tried to build a web application in which users can input data in a lot of different venues, chances are it has a security hole somewhere that allows XSS attacks. Don’t panic
WordPress 2.9.2 is the latest release, with the simple aim of improving its flexibility and security. If you have untrusted authors logging into your blog, which may lead to your articles being trashed, you are recommended to use the latest WordPress 2.9.2.
A lot of tweets today informed me about the launch of Damn Vulnerable Web App (DVWA), which is basically an aid for security professionals to test their skills and tools and to help web developers better understand the processes of securing web applications.
I had an old list of tools/plug-ins/utilities etc which can be helpful while playing with DVWA and I'd like to share the same for you to learn We
Everyone who cares about security will remember the Debian OpenSSL disaster in 2008. The Debian developers had patched their version of OpenSSL to fix compiler warnings. This resulted in a broken random number generator that made all keys generated by Debian systems predictable. One would think that Debian developers are more careful with patching “bugs” in security tools since that day.
During the era of a rapidly growing Internet market, security has to be one of the prime concerns of a web developer. Today the content online includes something more than plain text. Personal details, bank transactions, socialising details are a few of the many things stored on the Internet by users who blindly trust service providers for securing it. As a beginner in any web-development area, a q
If you were a sysadmin a few years ago, and you had PHP on your servers, you're probably already familiar with c99. In case you haven't had the personal | Eric Lamb
When you’re developing applications or a website using MySQL, there are a few tips you can follow to enhance the security of your database. When you create a database and use PHP to code your applications you’re automatically faced with hash security risks that can hinder what you’ve worked hard to develop. Below, we’re going to touch base on a few Vital MySQL Development Security Tips that will
Every version comes with improvements, but until we get a completely secure WordPress version we have to find ways to improve the security ourselves. Here are 10 great ways to improve the security of your WordPress powered website.
If your web server’s access permissions are wrong, it will be easier for somebody to take control of your server. So, the next 3 pieces of advice are on how to fix your access rights:
As the Web continues its march towards becoming the de facto interface for the world's software applications, developers must find effective ways to not only communicate with server processes such as MySQL, but also other operating system tools such as a shell or Ruby script. In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating
If you're having problems with server load due to high volume of traffic you can try getting fast cheap web hosting for your sites. Although web hosting is part of the solution you also need to consider other bandwidth heavy website applications.