Upcoming News » Security
When I said recently that we still need the Open Source Initiative (OSI), it started a flood of comment. There's no doubt that we need OSI - but we need a better OSI. The one we have now is just too small to be effective and too mired in past successes; a renaissance is needed. You can help.
6 Free PHP Security & Auditing Tools. Lack of knowledge of the weakness of PHP can make a web site more prone to attacks. In our attempt to help you make your PHP site and web applications more secure, we've compiled a list of useful PHP security and auditing tools.
The Month of PHP Security is over and the MOPS CFP Committee has made a final decision about the ranking of the articles and tools submitted to us. And the winners are…
Hi friends,
In this post, I would like to explain what SQL injection is and how to prevent these attacks on our website.
SQL Injection:
SQL injection is another vulnerability of PHP.
It goes without saying that sensitive information such as passwords or pass phrases should never be stored in plain text in the database in the first place. The common practice is to hash the user password and store the hash string of the password in the database. When the user tries to log in and supplies his password, it is used to generate a hash string to be compared to the one stored in the
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. Provider of information security consulting and training services. Your trusted security advisor.
Just about finished a Gumblar cleanup for a small Hong Kong company. This is not the first crack I've seen in the last few months; I fixed another server last month that got ssh brute force attacked. It looks like cracking is on the up, so if you need help fixing a site, by someone who knows what they are doing, and at the same time you will help out a number of open source projects - give me a b
It's hard to tell how truly secure your website is. We personally consider Drupal to be very secure in comparison to other Content Management Systems out there, and it can always be improved. I'm gonna go through a handful of modules that I always keep handy and often install. Know beforehand, some module settings or even modules might not be useful to specific projects, be discreet.
Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three years later, my company SektionEins GmbH will continue in the same spirit and organize the Month of PHP Security. Our prepa
Ben Maynard has released a secured version of OpenCart that fixes several security issues. Some of the security fixes are:
* CSRF Protection
* Local File Injection
* Disabled ability to view source code in template files
As the Web continues its march towards becoming the de facto interface for the world's software applications, developers must find effective ways to not only communicate with server processes such as MySQL, but also other operating system tools such as a shell or Ruby script. In this tutorial, I'll show you how to securely execute a variety of system-based commands via a PHP script, demonstrating
It turns out that web2project was vulnerable to a handful of select Cross Site Scripting (XSS) vulnerabilities. While the attack vector was pretty specific to being an already authenticated user, it had the potential to be a major problem in a poorly configured system.
Ubuntu has issued an update for PHP. The update fixes some vulnerabilities that malicious coders can exploit either to bypass certain security restrictions or to conduct cross-site scripting attacks.
I’m pretty weary. All this week working on what/how/where/when implementations, starting with logic “what will this object hold?”. Working on the prototype of OpenType Threads has made me realize how important it is to detail a plan; it’s good but also a bit lonely, and hopefully when I launch the prototype some developers will join me.
CakePHP gives a Security Level of High. This means that in CakePHP the Security Level and the Session Timeout are related to each other. So if you want to change the Security Level and Session Timeout in CakePHP, read this post.