Posts marked with “security”

Interview with Eric Mann, Security Corner contributor

June 23, 2020


In this episode, Eric van Johnson and John Congdon talk to Security Corner contributor Eric Mann about keeping your website secure: how a breach sparked his interest in security, the value of tokens and nonces, which area of security needs more attention, how to use end-to-end encryption for communication, using Linux as your daily driver […]


Security Corner: Cross Site Request Forgery

June 4, 2020


Cross-site request forgery (CSRF) is a security risk in which an attacker tricks a visitor's browser into sending a request to your site from another, entirely unrelated site under the attacker's control; because the browser attaches the visitor's cookies automatically, the request arrives looking authenticated. This particular vulnerability seemingly disappeared from most teams' radars a few years ago but is beginning to reappear in the wild.


Advanced Design & Development



PHP adds syntax and slowly adapts to enable new programming techniques. Whether you are comfortable with imperative, object-oriented, or functional programming, the language makes it possible, and additions like arrow functions make the code shorter. This issue looks into asynchronous PHP, new browser APIs, building REST APIs, callables and closures in PHP, CodeIgniter 4, and more!


Security Corner: Request Replay Protection

May 5, 2020


One of the most overused terms in security is "token." It is used in many different, often unrelated contexts to mean very different things. This month we discuss one form of token, the replay-prevention nonce: a random, single-use value the server issues, expects back with a request, and then discards so the same request cannot be accepted twice.
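The CSRF column above and this one describe the same mechanism from two angles: a server-issued secret that an attacker's page cannot read, and that is burned after one use so a captured request cannot be replayed. The script below is an added example written for this listing, not code from either column. The function names (`issue_nonce`, `consume_nonce`), the `NONCE_TTL` constant, the `delete-account` action name and the plain `$session` array standing in for `$_SESSION` are all assumptions made so it runs from the CLI without a web server.

```php
<?php
declare(strict_types=1);

// Added example: per-action, single-use nonces that also serve as CSRF tokens.
// An in-memory array stands in for $_SESSION so this runs from the CLI; a real
// application keeps the store server-side, scoped to the user's session.

const NONCE_TTL = 900; // seconds an unused nonce stays valid (assumed value)

/** Issue a fresh nonce bound to one action (e.g. "delete-account"). */
function issue_nonce(array &$store, string $action, int $now, int $ttl = NONCE_TTL): string
{
    $nonce = bin2hex(random_bytes(32));       // 256 bits from the CSPRNG
    $store[$action][$nonce] = $now + $ttl;    // remember expiry, not the request
    return $nonce;
}

/**
 * Verify and consume a nonce. Returns true at most once per issued nonce:
 * the match is removed from the store, so a replayed request is refused.
 */
function consume_nonce(array &$store, string $action, string $presented, int $now): bool
{
    $valid = false;
    foreach ($store[$action] ?? [] as $nonce => $expires) {
        $nonce = (string) $nonce;
        // Constant-time compare, and keep walking every candidate so the
        // response time does not reveal which stored nonce matched.
        if (hash_equals($nonce, $presented) && $expires >= $now) {
            $valid = true;
            unset($store[$action][$nonce]);   // burn it: a second use fails
        } elseif ($expires < $now) {
            unset($store[$action][$nonce]);   // garbage-collect expired nonces
        }
    }
    return $valid;
}

/** Render the form with the nonce in a hidden field the attacker's page cannot read. */
function render_form(array &$store, int $now): string
{
    $token = issue_nonce($store, 'delete-account', $now);
    return '<form method="post" action="/account/delete">'
        . '<input type="hidden" name="_token" value="' . htmlspecialchars($token, ENT_QUOTES) . '">'
        . '<button>Delete my account</button></form>';
}

/** Handle the POST: refuse anything without a live, unused token for this action. */
function handle_delete(array &$store, array $post, int $now): string
{
    $token = $post['_token'] ?? '';
    if (!is_string($token) || !consume_nonce($store, 'delete-account', $token, $now)) {
        return '403 Forbidden: missing, expired or replayed token';
    }
    return '200 OK: account deleted';
}

// Demo with a constructed session store and four requests.
$session = [];
$now = time();
$html = render_form($session, $now);
preg_match('/value="([0-9a-f]+)"/', $html, $m);
$token = $m[1];

echo handle_delete($session, [], $now), "\n";                      // cross-site forgery: no token
echo handle_delete($session, ['_token' => $token], $now), "\n";    // legitimate submission
echo handle_delete($session, ['_token' => $token], $now), "\n";    // replay of the same token
$late = issue_nonce($session, 'delete-account', $now);
echo handle_delete($session, ['_token' => $late], $now + NONCE_TTL + 1), "\n"; // expired token
```

Only the second request succeeds: the forged request has no token, the replay finds its token already consumed, and the last one is past its expiry. Binding the nonce to an action name stops a token issued for one form from being spent on another, and the TTL bounds how long a leaked token is useful. Cookie attributes such as `SameSite` are a worthwhile second layer, but they do not replace the server-side check shown here.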


Passwordless Authentication



Passwords are part of our everyday life. You may not even think about them most of the time, that is, until you forget one. What if you never had to use a password again? What if I told you it was more secure not to have a password? Would you believe me? Find out why […]


Security Corner: Seven Deadly Sins of Security

January 3, 2020


While no list of security risks or best practices can ever be exhaustive, such lists often serve as decent starting points. Understanding the most common classes of security mistakes is a good way to begin a conversation about application security as a whole. The following seven security risks are critical to any application development team; they are easy mistakes to make but equally easy to avoid if you keep your eyes open.


Security Corner: Twist and Shout

November 7, 2019


By Eric Mann

Most self-taught developers in our industry learn to leverage an API long before they spend time learning lower-level coding patterns. This experience isn't necessarily a bad thing. All the same, it's important to take some time to dig deeper and better understand the tools and technologies at the core of our trade. […]


Security Corner: Responsible Encryption

November 4, 2019


As early as 2018, many governments began calling for the tech community to create so-called “responsible encryption.” Their goal is for tech companies to provide blessed “back doors” for law enforcement to decrypt and otherwise inspect messages and data created by citizens within their borders. These calls and the arguments made to support them, however, […]


DDoS Attacks: Threat Landscape and Defensive Countermeasures

October 2, 2019


Imagine an army of 100,000 robots, each hitting reload on your home page, several hundred times per second. How quickly would your site or application die? Having had to field such attacks in a past life, I found surviving them to be extremely difficult. My odds improved over time from better understanding them and preparing […]


Defensive Coding Crash Course

August 16, 2019


By Mark Niebergall

Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP as we cover attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, automatic code analysis, peer code reviews, and automated testing. Learn some […]