Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

ServerGrove Blog:
Security tools for PHP projects
Mar 23, 2015 @ 12:19:13

On the ServerGrove blog there's a new post looking at some of the currently available PHP security tools you can use to help keep your applications safe.

Security is getting more and more important, and the PHP community has been doing great improvements in this topic during the last few years. From better configuration settings to provide some level of security by default to frameworks providing functionality to avoid common attacks such as XSS, CSRF or SQL injection. [...] Well, any piece of software can have bugs, and obviously open source projects are not an exception. The good point is that security researchers, once they find a vulnerability, it is reported and added to a database of known vulnerabilities. We basically need to find a way to avoid using code with known vulnerabilities, and there are some interesting tools out there to help us.

They list four tools that focus on different areas of the security of your application to help provide good basic coverage:

One thing to note, these are all automated tools so they shouldn't be relied upon exclusively to ensure the security of your application. Testing and evaluation of the codebase with these and other testing tools should always be done as well.

tagged: security tools list checker advisories roave composer iniscan versionscan

Link: http://blog.servergrove.com/2015/03/23/security-tools-php-projects/

Marco Pivetta:
roave/security-advisories: Composer against Security Vulnerabilities
Dec 30, 2014 @ 12:12:40

As Marco Pivetta has mentioned in his latest post to his site, Roave has released a tool for use with Composer that helps prevent vulnerable versions of software from even being installed (based on the data from the security-advisories data from FriendsOfPHP).

Since it's almost christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project.

The tool makes use of a "conflict" metapackage, mentioned in the Composer spec, and fails when the software and version is listed in the FriendsOfPHP information. This integration with Composer means that there's no need to run a separate tool for the checks to be made. It's integrated into the workflow and will dynamically fail without the need for you to update anything.

tagged: roave securityadvisories prevent vulnerable software composer install

Link: http://ocramius.github.io/blog/roave-security-advisories-protect-against-composer-packages-with-security-issues/


Trending Topics: