Posts marked with “encryption”

Cryptography 101

by · October 20, 2021


If you ask a group of programmers what they think the most difficult topics in the area are, there will be a lot of different responses, depending on which language they use and how skilled they are. Dynamic memory allocation, concurrency, coroutines, and compiler optimizations are just some examples of those answers. I do hope I’m […]

 

PHP Puzzles: Sending and Receiving Polybius Ciphers

by · May 12, 2021


Ciphers come in many different forms and have been used since ancient times to encode and decode vital messages. Today, we use complicated mathematics to encrypt and decrypt messages. Typically, we depend on shared and secret keys to ensure the message is only readable by the intended recipients. What if you don’t have the computing […]

 

Security Corner: Buzzword Bingo

by · April 9, 2020


Buzzwords permeate security. It’s vital for everyone working in application development to have a solid understanding of what the most common buzzwords are—partly so they can protect against misusing them.

 

Security Corner: Mutual TLS

by · March 5, 2020


Certificates issued to protect transport layer security (TLS) help identify servers and protect data in transit through encryption. They can also be used to identify clients making the connection. Let’s look at ways to handle TLS configuration and usage correctly in a PHP application.

 

Security Corner: A Reintroduction to TLS

by · February 4, 2020


In mid-January, the US National Security Agency warned about a critical security flaw in how the Windows operating system validates cryptographic certificates. As these certificates underpin how TLS (transport layer security) protects the internet at large, it’s essential to understand both what happened and how your development team can avoid similar mistakes.

 

Security Corner: Crypto Streams

by · December 4, 2019


The goal of any encryption operation is to scramble the patterns in the plaintext source data and otherwise protect its contents by rendering a specific message indistinguishable from random noise. A cryptographically-secure algorithm or implementation is one that can be mathematically proven to render data in such a state—there is no mathematical way to analyze […]

 

Security Corner: Responsible Encryption

by · November 4, 2019


As early as 2018, many governments began calling for the tech community to create so-called “responsible encryption.” Their goal is for tech companies to provide blessed “back doors” for law enforcement to decrypt and otherwise inspect messages and data created by citizens within their borders. These calls and the arguments made to support them, however, […]

 

Security Corner: Crossing the Streams

by · October 2, 2019


While not commonly seen in the wild, PHP exposes powerful interfaces empowering applications to manipulate large streams of data directly. Both stream wrappers and filters allow developers to interact with objects too large to fit in memory or which might be ephemeral in nature. Combining these stream interfaces opens up even more possibilities for the […]

 

Security Corner: Application-level Data Security

by · February 1, 2018


Developers often conflate two different modes of data encryption when protecting the systems on which their applications run. One is encryption at rest. The other is application-level encryption. These approaches are similar, but they are not the same. It behooves the savvy developer to understand the difference.

 

Security Corner: PHP, meet Libsodium

by · December 1, 2017


By the time you read this, the PHP community should have introduced the world to the newest version of our favorite language. This latest version adds better support for type annotations, allows trailing commas in lists (just like JavaScript and other dynamic languages), and introduces several security improvements. The most notable security addition, however, is […]