Posts marked with “security”

Defensive Coding Crash Course

by · August 16, 2019

0
 

By Mark Niebergall Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP as we cover attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, automatic code analysis, peer code reviews, and automated testing. Learn some […]

 

Renovating Applications with Symfony

by · August 2, 2019

0
 

The Symfony project has had a profound influence on the PHP ecosystem since its first release in 2005. Projects including Drupal, Laravel, and countless custom web applications, use Symfony components. This month, we look at the new features of Symfony 4 and how to modernize legacy code.

 

Security Corner: System Enumeration

by ·

0
 

The first step to protecting your system is to understand the actions, behaviors, and motivations of those who would potentially breach and damage that system. Learning to think like an attacker is excellent. Mastering the tools attackers are likely to use on your platform is even better. The question isn’t that they’ll get in, it’s what exactly they’ll do once they’ve breached your system.

 

Elasticsearch, Defensive Coding, and Maura Teal

by · July 23, 2019

0
 

Working with Elasticsearch, defensive coding practices, Maura Teal on her WordPress talks, preventing burn out, and more in Episode 22.

 

Find the Way With Elasticsearch

by · July 2, 2019

0
 

How are you going to find that? You don’t want to implement a search engine on your own as your content grows or integrate with real-world places and addresses. Instead, leverage the rich feature set of an established solution like ElasticSearch. This month we look at how to integrate it with your PHP application and use it to provide location-based search results.

 

Security Corner: Defending Against Insider Threats

by ·

0
 

When many people think about security, they naturally think about attacks from external threats and entities. They may originate outside of the application, network, or even organization. What we often fail to realize is the most critical threat is often users already inside your system.

 

Defensive Coding Crash Course

by ·

0
 

Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP as we cover attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, automatic code analysis, peer code reviews, and automated testing. Learn some helpful tips and […]

 

Security Corner: Credentials and Secrets Management

by · June 5, 2019

0
 

Managing passwords in userland is complicated. Luckily, consumer tools like 1Password and LastPass make it easier than ever to protect user credentials. Unfortunately, this doesn’t help with the credentials used by our servers or code. The ways developers manage application credentials are legion; some are right, others fatally flawed.

 

Security Corner: Access Control and Authorization

by · May 2, 2019

0
 

Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past.

 

Meet the php[tek] Security Chairs

by · April 15, 2019

0
 

We’ve re-imagined the format of php[tek] this year in response to feedback from past attendees. We kept hearing a desire for a more cohesive, curated conference schedule which allows speakers to dig deeper into a topic than a general 50-minute talk permits. So we’re organizing the talks into eight focused tracks, where one talk builds […]