Thread: Building Secure PHP Apps

Building Secure PHP Apps (buildsecurephpapps.com)

L 1 pts 0 comments by Benedmunds May 5, 2014 phpsecurity Programming (General)Security / Privacy thread

Building Searchable Encrypted Databases with PHP and SQL (paragonie.com)

L 4 pts 0 comments by inactive-user May 26, 2017 cryptographydatabasesphpsecurity Programming (General)Data / Databases / Infrastructure Security / Privacy thread

The 2018 Guide to Building Secure PHP Software - Paragon Initiative Enterprises Blog (paragonie.com)

L 6 pts 0 comments by inactive-user Dec 19, 2017 cryptographyphpsecurityweb Web Development Programming (General)Security / Privacy Internet / Digital Culture thread

Troy Hunt: Everything you ever wanted to know about building a secure password reset feature (troyhunt.com)

L 2 pts 0 comments by dwc Jul 23, 2012 security Security / Privacy thread

I Forgot Your Password: Randomness Attacks Against PHP Applications (youtube.com)

L 6 pts 1 comments by jtdowney Sep 8, 2012 phpsecurityvideo Programming (General)Security / Privacy thread

Password Hashing in PHP, The Right Way™ (longren.org)

L 2 pts 0 comments by tlongren Jan 3, 2014 phpprogrammingsecurity Programming (General)Security / Privacy thread

Building a Better PHP with HHVM and Hack: Part 1 (ey.io)

L 5 pts 0 comments by dshafik Mar 20, 2014 phpprogrammingscaling Programming (General)Productivity / Career / Business thread

Building a Better PHP — Part 2: Using HHVM (ey.io)

L 2 pts 0 comments by dshafik Mar 24, 2014 phpprogrammingscaling Programming (General)Productivity / Career / Business thread

Building a Better PHP — Part 3: Getting Started with Hack (blog.engineyard.com)

L 0 pts 0 comments by dshafik Apr 2, 2014 phpprogrammingscaling Programming (General)Productivity / Career / Business thread

Cracking PHP rand() (sjoerdlangkemper.nl)

L 7 pts 3 comments by jcs Feb 12, 2016 phpsecurity Programming (General)Security / Privacy thread

HTTP_PROXY security vulnerability in Go, PHP, Python CGI environments (httpoxy.org)

L 18 pts 5 comments by kb Jul 18, 2016 gophpsecurity Programming (General)Programming Languages / CS Theory Security / Privacy thread

How we broke PHP, hacked Pornhub and earned 20.000$ (evonide.com)

L 24 pts 3 comments by jcs Jul 23, 2016 phpsecurity Programming (General)Security / Privacy thread

Detecting potentially malicious PHP code using checksums and heuristics on parse trees (blog.garage-coding.com)

L 4 pts 0 comments by wsdookadr Sep 1, 2016 databasesjavaphpsecurity Programming (General)Data / Databases / Infrastructure Security / Privacy thread

SQL injections vulnerabilities in Stack Overflow PHP questions (laurent22.github.io)

L 24 pts 4 comments by grahamc Dec 4, 2016 databasesphpsecurity Programming (General)Data / Databases / Infrastructure Security / Privacy thread

Cryptographically Secure PHP Development (paragonie.com)

L 3 pts 0 comments by av Feb 10, 2017 phpsecurity Programming (General)Security / Privacy thread

Mitigating PHP's long standing issue with OPCache leaking sensitive data (ma.ttias.be)

L 5 pts 1 comments by inactive-user Feb 28, 2017 phpsecurity Programming (General)Security / Privacy thread

Guide to Automatic Security Updates For PHP Developers (paragonie.com)

L 1 pts 0 comments by inactive-user Jun 7, 2017 cryptographyphpsecurityweb Web Development Programming (General)Security / Privacy thread

sodium_compat: pure-PHP implementation of (most of) libsodium (github.com)

L 6 pts 3 comments by inactive-user Jun 10, 2017 cryptographyphpsecurityweb Web Development Programming (General)Security / Privacy thread

PHP 7.1.7 release (5 CVEs) (php.net)

L 3 pts 0 comments by Barnerd Jul 7, 2017 phpsecurity Programming (General)Security / Privacy thread

Includes 5 CVEs fixed in mbstring module (oniguruma)

"Wherein existing techniques for building secure systems are examined and found wanting" (2000) (cypherpunks.to)

L 9 pts 0 comments by hwayne Oct 28, 2017 formalmethodspdfsecurity Programming Languages / CS Theory Security / Privacy thread

h/t @nickpsecurity for the fantastic find. From "The Design and Verification of a Cryptographic Security Architecture", found [here](https://researchspace.auckland.ac.nz/bitstream/handle/2292/2310/02whole.pdf?sequence=2).

Improving PHP extensions as a persistence method (x-c3ll.github.io)

L 3 pts 0 comments by calvin Jul 30, 2018 phpsecurity Programming (General)Security / Privacy thread

RCE in PHP or how to bypass disable_functions in PHP installations (lab.wallarm.com)

L 3 pts 0 comments by calvin Dec 10, 2018 phpsecurity Programming (General)Security / Privacy thread

If you installed PEAR PHP in the last 6 months, you may be infected (arstechnica.com)

L 12 pts 1 comments by johnLate Jan 24, 2019 phpsecurity Programming (General)Security / Privacy thread

DARPA is Building a $10mil, OSS, Secure, Voting System (motherboard.vice.com)

L 16 pts 17 comments by nickpsecurity Mar 17, 2019 security Security / Privacy thread

Data exfiltration with FPM servers (HHVM and rarely PHP) (openwall.com)

L 7 pts 0 comments by lattera Jul 9, 2019 phpsecurity Programming (General)Security / Privacy thread

RCE through open PHP-FPM ports (openwall.com)

L 7 pts 5 comments by hanno Jul 27, 2019 phpsecurityweb Web Development Programming (General)Security / Privacy thread

disable_functions Bypass Exploit in PHP 7.1 to PHP 7.3 (github.com)

L 7 pts 2 comments by inactive-user Sep 28, 2019 phpsecurity Programming (General)Security / Privacy thread

Message Encryption in JavaScript and PHP with Libsodium (dev.to)

L 2 pts 0 comments by inactive-user Oct 20, 2019 cryptographyjavascriptphpsecurity Web Development Programming (General)Security / Privacy thread

Announcing the Bytecode Alliance: Building a secure by default, composable future for WebAssembly (bytecodealliance.org)

L 43 pts 33 comments by fitzgen Nov 12, 2019 securitywasm Web Development Programming Languages / CS Theory Security / Privacy thread

Fuzzing PHP with Domato (blog.jmpesp.org)

L 3 pts 0 comments by jvoisin Jan 4, 2020 phpsecurity Programming (General)Security / Privacy thread