Channel: PHPDeveloper.org
Browsing all 14 articles

Hardened-PHP Project: Suhosin (Advanced PHP Protection)

In the ongoing quest of the guys over on the Hardened-PHP project to help protect PHP installs from the evils of the internet, there's a new project in development that could help make even more PHP...




Community News: EncoderCompare.com Launched

When it comes to protecting your code, you definitely want to find the right product for your needs. Finding the information on all of the encoders out there can be a task in itself, though....


PHPBuilder.com: Pro PHP Security / Preventing SQL Injection, Part 3

PHPBuilder.com continues their look at preventing SQL injections in your PHP scripts with this new tutorial, the third part of the excerpts from the APress book Pro PHP Security. They pick up where...


PHP Security Blog: Suhosin 0.9.15 comes with Transparent phpinfo() Protection

According to this new post on the PHP Security Blog, there's a new META tag the Suhosin extension includes in the output of a phpinfo page to help resolve some of the issues with Google (and buddies)...


Stefan Esser's Blog: Suhosin 0.9.21 - XSS Protection

Stefan Esser has posted about the release of the latest version of the Suhosin security patch for PHP - version 0.9.21. It has been a very long time since the last Suhosin extension has been released,...



Juozas Kaziukenas' Blog: HTML filtering and XSS protection

Juozas Kaziukenas has an example of how to keep you and your application's data safe from prying eyes by filtering input with the HTML_Purifier package. It's really hard to decide what data is...


Web Development Blog: E-mail links, protective solutions against SPAM

In a recent post to the Web Development Blog they take a look at some methods you can use on your site to help reduce the amount of spam sent to email addresses by protecting them from scripts that...


Jason Stiles' Blog: How To Protect Your Site From XSS With PHP

In a recent post to his blog Jason Stiles takes a look at some of the things you can do with PHP to help protect your site from XSS (cross-site scripting attacks) with some basic filtering. Cross-Site...



Script-Tutorials.com: Protection and Methodologies of Security...

On the Script Tutorials blog today there's a good summary post reminding you of some of the common security issues that your web application can face, mostly due to improper validation and filtering....



Gareth Heyes: Bypassing XSS Auditor

Gareth Heyes has posted about some bypasses that he's found for getting around the XSS Auditor functionality in some browsers: I had a look at XSS Auditor for a bit of fun because Mario said it's...


Elijah Horton: Sandboxing Untrusted Code With PHPSandbox

Elijah Horton has a recent post to his site sharing a tool he's developed to sandbox and validate user-contributed PHP code. Few quotes related to the PHP language are as pithy and...


DreamInCode.com: Securing Login Forms From Brute-Force Attacks Using Queues

On the Dreamincode.com forum there's an interesting approach mentioned for securing login forms from brute-force attacks using a queueing system rather than the usual real-time requests. Login forms...


SitePoint PHP Blog: Asset Access Restriction Methods - Block Unwanted Visitors

In a new tutorial from the SitePoint PHP blog today Jeroen Meeus looks at a way to protect parts of your application from being used and abused. He shows you how to protect various parts of your site,...



Barry vd. Heuvel: CSRF Protection in Laravel explained

Barry vd. Heuvel has a recent post to his site explaining how the Laravel framework has implemented CSRF protection natively. CSRF is short for Cross-site request forgery and is a type of security...
