Published News » Security


Security »

In our previous post “Writing secure codes in PHP” we discussed the most basic tips on creating secure PHP applications. Here we provide more insight into one of the threats discussed.
Posted by girish.r 3 days ago (http://www.omkarslab.co.cc)
Tagged: sql injections

It may considerably reduce XSS attack possibilities, if not completely eradicate them. XSS, or Cross Site Scripting, is probably the most common security problem in web applications that engage in heavy user input. If you’ve ever tried to build a web application in which users can input data in a lot of different venues, chances are it has a security hole somewhere that allows XSS attacks. Don’t panic
Posted by girish.r 5 days ago (http://www.kavoir.com)
Tagged: setcookie xss cookies

WordPress 2.9.2 is the latest release, with the simple aim of improving its flexibility and security. If you have untrusted authors logging into your blog, which may lead to your articles being trashed, you are recommended to use the latest WordPress 2.9.2.
Posted by girish.r 6 days ago (http://graphicalerts.com)
Tagged: security plugins wordpress

A lot of tweets today informed me about the launch of Damn Vulnerable Web App (DVWA), which is basically an aid for security professionals to test their skills and tools and to help web developers better understand the processes of securing web applications.

I had an old list of tools/plug-ins/utilities etc. which can be helpful while playing with DVWA, and I'd like to share the same for you to learn We
Posted by girish.r 7 days ago (http://blog.rohit11.com)
Tagged: webapp security

Everyone who cares about security will remember the Debian OpenSSL disaster in 2008. The Debian developers had patched their version of OpenSSL to fix compiler warnings. This resulted in a broken random number generator that made all keys generated by Debian systems predictable. One would think that Debian developers are more careful with patching “bugs” in security tools since that day.
Posted by girish.r 10 days ago (http://www.suspekt.org)
Tagged: debian suhosin

During the era of a rapidly growing Internet market, security has to be one of the prime concerns of a web developer. Today the content online includes something more than plain text. Personal details, bank transactions and socialising details are a few of the many things stored on the Internet by users who blindly trust service providers to secure them. As a beginner in any web-development area, a q
Posted by girish.r 14 days ago (http://omkarslab.co.cc)
Tagged: attack hack injection sql xss

If you were a sysadmin a few years ago, and you had PHP on your servers, you're probably already familiar with c99. In case you haven't had the personal | Eric Lamb
Posted by girish.r 16 days ago (http://blog.ericlamb.net)
Tagged: c99 remote file inclusion

When you’re developing applications or a website using MySQL, there are a few tips you can follow to enhance the security of your database. When you create a database and use PHP to code your applications you’re automatically faced with hash security risks that can hinder what you’ve worked hard to develop. Below, we’re going to touch base on a few Vital MySQL Development Security Tips that will
Posted by girish.r 20 days ago (http://grindsmart.com)
Tagged: mysql security tips

Every version comes with improvements, but until we get a completely secure WordPress version we have to find ways to improve the security ourselves. Here are 10 great ways to improve the security of your WordPress powered website.
Posted by girish.r 28 days ago (http://wpcanyon.com)
Tagged: wordpress

If your web server’s access permissions are wrong, it will be easier for somebody to take control of your server. So, the next 3 pieces of advice are on how to fix your access rights:
Posted by girish.r 36 days ago (http://www.devtheweb.net)
Tagged: security get_magic_quotes_g magic_quotes

As the Web continues its march towards becoming the de facto interface for the world's software applications, developers must find effective ways to not only communicate with server processes such as MySQL, but also other operating system tools such as a shell or Ruby script. In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating
Posted by girish.r 40 days ago (http://www.phpbuilder.com)
Tagged: security mitigate

There is a new article about a popular PHP e-commerce application, OpenCart, which is vulnerable to CSRF attacks, but the creator isn't acknowledging the problem. The article highlights the problem with inexperienced developers and how it is easy for a developer to create web applications but put thousands of businesses at risk. The PHP community is asked how an issue like this could be ha
Posted by bmaynard 41 days ago (http://blog.visionsource.org)
5 Comments | Tagged: php security opencart csrf

Here is the first post of the PHP Best Practices Series. We’ll begin with (in my opinion) the most important aspect of web development – security.
Posted by girish.r 43 days ago (http://www.devtheweb.net)
Tagged: security

If you write code, this book deserves a place on your bookshelf. It clearly demonstrates the sin, but shows how to find it and fix it (in several different languages: C, C++, Perl, PHP, etc.). It may not cover every possible sin, but as the authors say, if you do everything in this book you are doing pretty well.
Posted by girish.r 50 days ago (http://books.dzone.com)
Tagged: security

Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases the risk of errors, the time to develop, and the attack surface necessary to secure the application, it also makes implementing security more difficult.
Posted by girish.r 62 days ago (http://devcentral.f5.com)
Tagged: security firewall database sqli xss