ServerGrove Blog:
Security tools for PHP projects
Mar 23, 2015 @ 17:19:13

On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.

Security is getting more and more important, and the PHP community has been making great improvements in this area during the last few years, from better configuration settings that provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that once security researchers find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.

They list four tools that focus on different areas of the security of your application to help provide good basic coverage:

One thing to note: these are all automated tools, so they shouldn't be relied upon exclusively to ensure the security of your application. Manual testing and evaluation of the codebase, alongside these and other testing tools, should always be done as well.
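To show the kind of check the post describes (comparing a project's locked dependencies against a database of known vulnerabilities), here is an added Python example; it is not code from the ServerGrove post or from any of the tools it lists. The composer.lock fragment, package names, versions and advisory identifiers are all constructed, and the range-constraint layout (a list of constraints such as `>=2.0.0`, `<2.0.9` per affected branch) is an assumption modelled loosely on the FriendsOfPHP advisories format, not copied from it.

```python
"""Check a composer.lock against a list of known-vulnerable version ranges.

Added example with constructed data; not a real advisory feed and not the
code of the security checker tools discussed in the post.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed composer.lock fragment (not from any real project).
COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "acme/templating", "version": "v2.0.5"},
        {"name": "acme/mailer", "version": "1.4.0"},
        {"name": "acme/orm", "version": "3.1.2"},
        {"name": "acme/devtool", "version": "dev-master"},
    ]
})

# Constructed advisories. Each entry lists affected version ranges per branch;
# a package version is affected if it satisfies every constraint of some branch.
# Titles are placeholders, not real advisory identifiers.
ADVISORIES: Dict[str, List[dict]] = {
    "acme/templating": [
        {"title": "PLACEHOLDER-ADVISORY-1: sandbox escape",
         "branches": {"2.0.x": [">=2.0.0", "<2.0.9"]}},
    ],
    "acme/mailer": [
        {"title": "PLACEHOLDER-ADVISORY-2: header injection",
         "branches": {"1.x": [">=1.0.0", "<1.3.5"]}},
    ],
}

_CONSTRAINT = re.compile(r"^(>=|<=|>|<|=)?\s*v?(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v2.0.5' into (2, 0, 5), padding so that '2.0' compares as 2.0.0.

    Raises ValueError for non-numeric versions such as 'dev-master'.
    """
    parts = tuple(int(p) for p in text.lstrip("v").split("."))
    return parts + (0,) * (3 - len(parts))


def satisfies(version: Tuple[int, ...], constraint: str) -> bool:
    """Evaluate one comparison constraint against a parsed version tuple."""
    m = _CONSTRAINT.match(constraint.strip())
    if not m:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, bound = m.group(1) or "=", parse_version(m.group(2))
    return {
        ">=": version >= bound, "<=": version <= bound,
        ">": version > bound, "<": version < bound, "=": version == bound,
    }[op]


def is_affected(version: str, branches: Dict[str, List[str]]) -> bool:
    """True if the version falls inside any affected branch range."""
    v = parse_version(version)
    return any(all(satisfies(v, c) for c in constraints)
               for constraints in branches.values())


def check_lock(lock_json: str, advisories=ADVISORIES) -> List[Tuple[str, str, str]]:
    """Return (package, version, advisory title) for every matching advisory.

    Packages with non-numeric versions (e.g. 'dev-*') cannot be compared and
    are reported with a separate marker so they are not silently passed.
    """
    lock = json.loads(lock_json)
    findings: List[Tuple[str, str, str]] = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        for adv in advisories.get(pkg["name"], []):
            try:
                affected = is_affected(pkg["version"], adv["branches"])
            except ValueError:
                findings.append((pkg["name"], pkg["version"], "UNPARSEABLE VERSION"))
                break
            if affected:
                findings.append((pkg["name"], pkg["version"], adv["title"]))
    return findings


if __name__ == "__main__":
    for name, version, title in check_lock(COMPOSER_LOCK):
        print(f"{name} {version}: {title}")
```

Only `acme/templating` is flagged: `v2.0.5` lies inside the `2.0.x` range, while `acme/mailer` at `1.4.0` is past the patched `1.3.5`. A real checker would also need to handle Composer's dev branches and aliases, which is exactly the class of input this simplified comparator refuses rather than guesses about.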

tagged: security tools list checker advisories roave composer iniscan versionscan

Link: http://blog.servergrove.com/2015/03/23/security-tools-php-projects/

Fabien Potencier:
The PHP Security Advisories Database
Oct 27, 2014 @ 16:54:48

Fabien Potencier has made an official announcement about a move to make the PHP Security Advisories Database, which the Symfony project started over a year ago, more widely adopted: pulling it out from under the Symfony namespace and into the FriendsOfPHP organization.

A year and a half ago, I was very proud to announce a new initiative to create a database of known security vulnerabilities for projects using Composer. It has been a great success so far; many people extended the database with their own advisories. As of today, we have vulnerabilities for Doctrine, DomPdf, Laravel, SabreDav, Swiftmailer, Twig, Yii, Zend Framework, and of course Symfony (we also have entries for some Symfony bundles like UserBundle, RestBundle, and JsTranslationBundle.)

[...] Today, I've decided to go one step further and to clarify my intent with this database: I don't want the database to be controlled by me or SensioLabs, I want to help people find libraries they must upgrade now. That's the reason why I've added a LICENSE for the database, which is now in the public domain.

The database has already been moved over to the FriendsOfPHP organization and still works with the SensioLabs security checker. You can find more on the database and its contents in this GitHub project.

tagged: security advisories database public domain friendsofphp

Link: http://fabien.potencier.org/article/74/the-php-security-advisories-database

Nexen.net:
PHP/MySQL Application Security Advisories
Nov 21, 2005 @ 12:13:28

On Nexen.net today, there's a large new list of PHP/MySQL application security alerts accumulated over the last week.

The list includes problems with: AlstraSoft Template Seller Pro, EasyPageCMS, Horde, Mambo, the PEAR Installer, PHP-Nuke, phpBB, phpMyAdmin, and PHPSysInfo.

For the complete list and links to more information about the issues, check out this full post...

tagged: application security advisories

Link: