Posts marked with “security”

Security Corner: Seven Deadly Sins of Security

by · January 3, 2020


While no list regarding security, risks, or best practices can ever be exhaustive, such lists often serve as decent starting points. Understanding some of the most common classes of security mistakes is a great way to begin a conversation about total application security. The following seven security risks are critical to any application development team; they’re easy mistakes to make but are equally easy to avoid if you keep your eyes open.


Security Corner: Twist and Shout

by · November 7, 2019


By Eric Mann

Most self-taught developers in our industry learn to leverage an API long before they spend time learning lower-level coding patterns. This experience isn’t necessarily a bad thing. All the same, it’s important to take some time to dig deeper and better understand the tools and technologies at the core of our trade. […]


Security Corner: Responsible Encryption

by · November 4, 2019


As early as 2018, many governments began calling for the tech community to create so-called “responsible encryption.” Their goal is for tech companies to provide blessed “back doors” for law enforcement to decrypt and otherwise inspect messages and data created by citizens within their borders. These calls and the arguments made to support them, however, […]


DDoS Attacks: Threat Landscape and Defensive Countermeasures

by · October 2, 2019


Imagine an army of 100,000 robots, each hitting reload on your home page, several hundred times per second. How quickly would your site or application die? Having had to field such attacks in a past life, I found surviving them to be extremely difficult. My odds improved over time from better understanding them and preparing […]


Defensive Coding Crash Course

by · August 16, 2019


By Mark Niebergall

Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP as we cover attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, automatic code analysis, peer code reviews, and automated testing. Learn some […]


Renovating Applications with Symfony

by · August 2, 2019


The Symfony project has had a profound influence on the PHP ecosystem since its first release in 2005. Projects including Drupal, Laravel, and countless custom web applications use Symfony components. This month, we look at the new features of Symfony 4 and how to modernize legacy code.


Security Corner: System Enumeration



The first step to protecting your system is to understand the actions, behaviors, and motivations of those who would potentially breach and damage that system. Learning to think like an attacker is excellent. Mastering the tools attackers are likely to use on your platform is even better. The question isn’t whether they’ll get in; it’s what exactly they’ll do once they’ve breached your system.


Elasticsearch, Defensive Coding, and Maura Teal

by · July 23, 2019


Working with Elasticsearch, defensive coding practices, Maura Teal on her WordPress talks, preventing burn out, and more in Episode 22.


Find the Way With Elasticsearch

by · July 2, 2019


How are you going to find that? You don’t want to implement a search engine on your own as your content grows or integrate with real-world places and addresses. Instead, leverage the rich feature set of an established solution like Elasticsearch. This month we look at how to integrate it with your PHP application and use it to provide location-based search results.


Security Corner: Defending Against Insider Threats



When many people think about security, they naturally think about attacks from external threats and entities. They may originate outside of the application, network, or even organization. What we often fail to realize is that the most critical threat is often users already inside your system.