Upcoming News » Security


Security »

Secure Input is a PHP class that allows you to secure your PHP application with a single function call.
For this it uses PHPIDS inputFilter and class. It also helps to secure your forms with unique tokens. In addition it allows for a session_start with checks of the owners.
You can find some documentation on Outweb.
Posted by outweb (#96) 1218 days ago (http://outweb.fr)
Tagged: phpids outweb security php application

Yeah, you read that right.
Kids, don’t try this sort of security in your own web apps. This is reserved for high-end financial institutions only.
Posted by girish.r 1290 days ago (http://michaelkimsal.com)
Tagged: mind blowing security practice password

First post of the series discussing various methods of including remote PHP code in your application, from a security standpoint. In this post we discuss the history of remote code execution vulnerabilities in PHP apps and ways to prevent them.
Posted by girish.r 1290 days ago (http://css.dzone.com)
Tagged: php securely include remote code

Cross-Site Scripting (XSS) is a type of attack where a hacker attempts to inject client-side scripting into a webpage that others are able to view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged in user's credentials (commonly saved in browser cookies). With a user's credentials, a hacker could gain access to sensitive parts of your website or
Posted by girish.r 1290 days ago (http://jstiles.com)
Tagged: how to protect site xss php

There are many ways to handle passwords in your application, and a lot of different thoughts on it. You want to make sure your users are protected, but you also want to make sure that you are able to easily work with the data through the application. Here is how I handle passwords...
Posted by girish.r 1310 days ago (http://www.chrisgmyr.com)
Tagged: password php security

One of the issues Web Developers face is making their application robust to prevent SQL injection attacks. Different approaches exist which help. Sometimes people use large abstraction layers (which, sometimes, don't make anything safe ...) and sometimes people use prepared statements as a way to secure queries. Now prepared statements were a nice invention some 30 years ago but they weren't mea
Posted by girish.r 1311 days ago (http://schlueters.de)
Tagged: sql injection mysqli_format_query

This weekend we had a hackday on PHPCR. The goal was to coordinate the efforts of Midgard to implement PHPCR with the Jackalope project. We ended up doing a few important cleanups to the PHPCR API definition (see below). We had Henri and Eero from the Midgard project, Benjamin from the Doctrine project and Jordi, Lukas, Chregu and myself (David) from Liip. On the second day, Uwe, Johannes and Da
Posted by girish.r 1314 days ago (http://blog.liip.ch)
Tagged: phpcr jackalope cmf symfony hackday

As many of my readers know, I have a keen dislike for regular expression based HTML sanitisation. Regular expressions simply do not understand HTML’s nested nature and the numerous possible HTML/CSS standards it must abide by. The result is that far too many developers try to program this understanding (and unfortunately their lack of comprehensive understanding) into home grown sanitisers using
Posted by girish.r 1319 days ago (http://blog.astrumfutura.com)
Tagged: cross-site scripting javascript php regular expression security vulnerability (computing)

OTN has published two articles by Eli White that stem from his long experience with protecting high volume websites from unwanted and malicious use. Eli has worked on many large scale PHP projects including Digg, TripAdvisor, and for the Hubble...
Posted by girish.r 1332 days ago (http://blogs.oracle.com)
Tagged: comment forum hacking manipluation quality security spam user experience website

I wanted to write something more useful today but instead I chose to waste a few hours on upgrading my current Symfony2 project to PR9, coming from PR7, effectively breaking it.
Posted by girish.r 1360 days ago (http://test.ical.ly)
Tagged: release management releases security symfony2

Hi, I am Lucas Carlson, founder and CEO of PHP Fog and the guy who hasn’t slept in almost 4 days. This is my story.
Posted by girish.r 1367 days ago (http://blog.phpfog.com)
Tagged: phpfog

7 security measures to take to keep PHPMyAdmin from being hacked.
Posted by girish.r 1367 days ago (http://blog.inetu.net)
Tagged: mysql php phpmyadmin security sql sql server

Maintainers of the PHP programming language spent the past few days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached.
Posted by girish.r 1369 days ago (http://www.theregister.co.uk)
Tagged: php.net breach concern safety source code

There are many ways to handle security in a web application, and many things to think about. This is by no means an in-depth look on application security. It is meant to be an overview of how to use the security features included in FuelPHP.
Posted by girish.r 1388 days ago (http://dhorrigan.com)
Tagged: security fuelphp

Zend_Http_Client_Adapter_Socket and stream_copy_to_stream used by it may run into an infinite loop on some hosting with old PHP 5.2.x. Find out how to work around the problem.
Posted by girish.r 1394 days ago (http://pumka.net)
Tagged: beware stream_copy_to_stream zend_http_client_adapter_socket hang php 5.2.x zend framework