Published News » Security
This article will tell you about various vulnerabilities in PHP websites. We will discuss the common mistakes in PHP sites and also tell you how to correct them.
Brief recommendations to avoid SQL-Injection attacks with PHP. The importance of database users within our Web applications
The PHP 5.3.9 release was mostly meant to fix a security bug, but it introduced a new, more serious bug. PHP 5.3.10 was just released to fix this issue. Meanwhile Debian Linux maintainers decided to stop enabling the Suhosin extension by default. This extension is used by several Linux distributions to provide protection against present and future security bugs of PHP. Read this article to learn mor
PHP is widely used for various kinds of web development. However, misconfigured server-side scripting can create all sorts of problems. Here are PHP security best practices that you should be aware of when configuring PHP securely. Nowadays most web servers are operated under a Linux environment (like Ubuntu, Debian, etc.). Hence, in the following article, I am going to list the top 10 ways to enh
Back from my extended leave of absence, I’ll re-open the dusty cobwebbed depths of this blog to echo the sentiments of Paul Reinheimer in his recent article “Cookies don’t replace Sessions“. The topic is actually an old one since Ruby On Rails has adopted the strategy of storing application session data in cookies by default (take note, performance hounds).
You’ve heard of countless website and database breaches—and you’ve probably asked yourself how the attackers were able to get in. In many cases, minor vulnerabilities can be exploited to extend the attacker’s foothold and eventually compromise the entire server. In this six-part blog series, we will walk you through the process of completely compromising a target server on a recent web applicatio
Since the thing went public before the new PHP version was released, I present full details of the latest PHP vulnerability I reported - together with some sweet demo exploit. The issue was found with fuzzing as part of my recent file upload research. And I still have some more to show in the future :)
Discover the habits PHP developers should get into to implement Web applications that have both characteristics.
This rant is dedicated to my favourite gcc moronmaintainer, Andrew Pinski.
Web developers are in a lather following the discovery of a bug in the PHP programming language that causes computers to freeze when they process certain numerical values with large numbers of decimal places.
Here are a few concerns we should take into consideration when developing applications using PHP.
According to Wikipedia, SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or
It looks like the attacker got access to the Gmail account that was used for managing the domain. He set up a filter on the inbox forwarding all incoming mails to another E-Mail address. This way he also got access to our registrar GoDaddy and transferred our domain to the registrar OnlineNic. We contacted the GoDaddy Undo department but haven't got an answer yet.
The first part of a short tutorial about securing PHP applications.
If you're having problems with server load due to high volume of traffic you can try getting fast cheap web hosting for your sites. Although web hosting is part of the solution you also need to consider other bandwidth heavy website applications.