
PHPClasses.org:
Lately in PHP Podcast #48 - To TDD or Not TDD?
June 27, 2014 @ 11:38:37

On the PHPClasses.org site today Manuel Lemos has released the latest episode in their "Lately in PHP" podcast series: Episode #48 - To TDD or Not TDD?.

Lately the debate about whether you should use TDD or not in all software projects all the time has been very intense. [...] They also talked about the upcoming end of life release of PHP 5.3, getting information of parameter type hinting with reflection, using object methods on native data types, security problems of OAuth implementations, and the built-in support of Composer to access password protected repositories.

You can listen to this latest episode either through the in-page audio player, by downloading the mp3 or you can watch the live recording over on the PHPClasses YouTube playlist. A transcription of the recording is also provided as well as links to some of the topics mentioned.

phpclasses latelyinphp ep48 podcast tdd typehint oauth security composer

Link: http://www.phpclasses.org/blog/post/239-To-TDD-or-Not-TDD--Lately-in-PHP-podcast-episode-48.html

PHP.net:
PHP 5.4.30 & 5.5.14 Released
June 27, 2014 @ 09:49:17

PHP.net has posted two new release announcements today, one for PHP 5.4.30 and the other for PHP 5.5.14.

For the PHP 5.4.30 release:

The PHP development team announces the immediate availability of PHP 5.4.30. Over 20 bugs were fixed in this release, including the following security issues: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515. All PHP 5.4 users are encouraged to upgrade to this version. Please, note that this release also fixes a backward compatibility issue that has been detected in the PHP 5.4.29 release.

For the PHP 5.5.14 release:

The PHP Development Team announces the immediate availability of PHP 5.5.14. This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension. All PHP users are encouraged to upgrade to this new version. Please, note that this release also fixes a backward compatibility issue that has been detected in the PHP 5.5.13 release.

As always you can download these latest releases from the main downloads page (or here for Windows users) and see the complete list of changes in the Changelog.

language release bugfix security update

Link: http://www.php.net/archive/2014.php#id2014-06-26-1

PHP.net:
PHP Versions 5.5.13 & 5.4.29 Released
May 30, 2014 @ 09:28:21

The PHP.net development group has made two release announcements today about the latest versions in both the PHP 5.4.x and 5.5.x series: PHP 5.4.29 as well as PHP 5.5.13.

This release [of PHP 5.5.13] fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). [Additionally, in PHP 5.4.29] 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version. [...] All PHP users are encouraged to upgrade to these new versions.

As always, you can get these latest releases from either the main downloads page or windows.php.net for the Windows users out there. For the complete list of changes in either release, see the full Changelog.

language release bugfix security update

Link: http://www.php.net/archive/2014.php#id2014-05-29-5

PHPClasses.org:
Is Your OAuth 2.0 Application Secure?
May 26, 2014 @ 11:29:39

The PHPClasses.org blog has a new post highlighting a vulnerability in the OAuth 2.0 specification that's been talked about quite a bit lately, the Covert Redirect Vulnerability. This issue allows potential attackers to trick users into redirecting to malicious sites and possibly gain access to personal information.

This vulnerability affects applications that implement protocols like OAuth 2.0 and OpenID. Let's see how this affects an OAuth 2.0 application. [...] The way it works is that your application redirects to a specific page of the Facebook site. There the user is asked if he wants to give your application permission to access Facebook API on his behalf. After the user agrees, his browser is redirected back to your site to a URL that your application specified called redirect_uri. From then on your site completes the process to get a special access token string that will be used by your site to access Facebook API on behalf of the user.

This token represents the user and can then be used to access the user's account. If that token fell into the wrong hands, they could access data they shouldn't. He includes a diagram of the flow and a link to a video explaining the problem in a bit more depth. He recommends three ways to help prevent this issue and what to look for in your implementation that could leave you vulnerable.

oauth2 security redirect uri malicious attack

Link: http://www.phpclasses.org/blog/package/7700/post/4-Is-Your-OAuth-20-Application-Secure.html

PHPClasses.org:
OpenSSL Serious Security Bug Does it Affect Your PHP sites?
April 10, 2014 @ 11:55:37

In the wake of the announcement of the Heartbleed vulnerability in the widely used OpenSSL software, the PHPClasses blog has posted a look at how it relates to PHP applications and how you can see if your application is affected.

Just a few days ago, a serious security bug called Heartbleed, which affects secure sites based on the OpenSSL library, was publicly announced. Read this article to learn more about this security problem, how to test if your Web server or SSH server is vulnerable, how it may affect your PHP sites, and what you should do to fix the problem.

They start with a look at the bug, what it is and why it's such a big problem. It talks about what kinds of applications are vulnerable (hint: it has nothing to do with PHP) and how you can test to see if your server is secure. The rest of the post talks about how to resolve the issue and how it relates to OpenSSL connections to other servers and SSH.

openssl bug heartbleed security effect webserver

Link: http://www.phpclasses.org/blog/post/231-OpenSSL-Serious-Security-Bug-Does-it-Affect-Your-PHP-sites.html

PHP.net:
PHP 5.4.27 Released
April 04, 2014 @ 09:28:42

The PHP development group has officially posted the latest in the PHP 5.4.x series of the language - PHP 5.4.27, a bugfix release that includes the security fix for CVE-2013-7345.

The PHP development team announces the immediate availability of PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version.

Other updates include fixes to the GMP, Mail, OpenSSL and MySQLi extensions. As usual, you can download this latest release from the downloads page or on the Windows site for the binaries. For a complete list of changes, see the latest notes in the Changelog.

language release bugfix security update

Link: http://php.net/index.php#id2014-04-03-1

PHP.net:
PHP 5.5.11 is released
April 03, 2014 @ 13:02:19

PHP.net has announced the latest release in the PHP 5.5.x series today - PHP 5.5.11.

The PHP development team announces the immediate availability of PHP 5.5.11. Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed: CVE-2013-7345. We recommend all PHP 5.5 users to upgrade to this version.

Fixes in this release include:

  • Updates to core
  • Fixes in the cURL extension
  • Bugs corrected in the GD extension
  • A fix for the CVE-2013-7345 security issue in Fileinfo

You can download this latest release directly from the downloads page (Windows users here) and you can find the full list of changes in the Changelog.

language release bugfix security update

Link: http://www.php.net/archive/2014.php#id2014-04-02-1

Three Devs and a Maybe Podcast:
Web Application Security - Part 2
March 28, 2014 @ 11:36:18

The Three Devs and a Maybe podcast has released their latest episode today - Web Application Security - Part 2 (Episode #17).

This week we wrap-up the top ten security risks compiled by OWASP, with discussion on topics including CSRF (Cross Site Request Forgery) and Known Component Vulnerabilities. Also included this week is a brief introduction to Hack and our thoughts on the programming language Go.

If you missed the first part of the series, you can find part one here. You can listen to this latest show by downloading the mp3 or you can subscribe to their feed and get this and other episodes as they're released.

threedevsandamaybe podcast ep17 application security part2

Link: http://threedevsandamaybe.com/posts/web-application-security-part-2/

Three Devs & A Maybe Podcast:
Web Application Security - Part 1
March 24, 2014 @ 09:28:17

The "Three Devs and a Maybe" podcast has released its latest episode, Episode 15 - Web Application Security - Part 1. Listen in as hosts Lewis Cains and Edd Mann talk about secure web development.

With another two man crew this week we decided to make a start on our discussion on all things Web Security. Directed at PHP developers, we go over the top five security risks compiled by OWASP (The Open Web Application Security Project).

Topics discussed include the OWASP Top 10 project, Cross-site scripting attacks, secure session management tips and the use of HTML purifier. You can listen to this latest episode by downloading it directly from the episode's page.

application security threedevsandamaybe podcast ep15

Link: http://threedevsandamaybe.com/posts/web-application-security-part-1/

PHPClasses.org:
Lately in PHP Podcast #45 - "The Security of Future PHP Versions"
March 13, 2014 @ 13:17:41

The latest episode of the "Lately in PHP" podcast series has been released by PHPClasses.org today - Episode 45, "The Security of Future PHP Versions".

As the plans for the upcoming PHP 5.6 and PHP 6 versions are being finalized, some of the proposals are about improving the security of these future PHP versions. That has been one of the main topics discussed by Manuel Lemos and César Rodas on the episode 45 of the Lately in PHP podcast. They also have talked about several other types of proposals and ideas for PHP 6, as well as a tutorial on How to Use a Webcam to take Pictures in PHP Application.

You can listen to this latest episode in a few ways - either through the in-page audio player, by downloading the mp3 or you can watch the live recording over on YouTube.

phpclasses latelyinphp ep45 security version future

Link: http://www.phpclasses.org/blog/post/229-The-Security-of-Future-PHP-Versions--Lately-in-PHP-podcast-episode-45.html



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework