Posts marked with “security”

Security Corner: Supply Chain Security

by · February 8, 2021


The recent security breach of SolarWinds was one of the worst the community has seen in recent years. That is due not to the severity of the hack used but to its impact on almost all of SolarWinds’ downstream customers. Let’s look at whether something like this could happen in the PHP ecosystem and what we could do to […]


Security Corner: Enforcing Subresource Integrity

by · January 8, 2021


Any scripts or styles you include in your web application are called “subresources.” As these files can impact your application’s overall operation, it is critical for writing secure software that you ensure the integrity of any subresource loaded into the page. Otherwise, an untrusted party might inject malware, cryptocurrency miners, or another malicious payload into […]


Security Corner: Circuit Breakers

by · December 3, 2020


If your application’s stability depends on the availability of a third-party system, the reliability of that external system becomes critical to the smooth operation of your own. The circuit breaker pattern is a proven way to protect against an unstable system causing problems with yours. Use it, and you won’t be surprised by an unplanned […]


Running Parallel

by · October 5, 2020


While we think of our scripts as running for one request at a time, PHP web applications handle multiple simultaneous requests. In this issue, we look at asynchronous programming using Swoole, handling serverless file uploads, implementing security headers, dealing with race conditions, and more.


Security Corner: Configurable Security



Having a tool like Mozilla’s Observatory scan the health of your site is useless if you lack the tools to properly secure it and pass the inspections in the first place. You can set most of the required settings directly in the source of your application.


Security Corner: Observable Security

by · September 1, 2020


Among the easiest ways to ensure your website or web application is behaving securely is to subject it to objective, third-party security scans. The Mozilla Observatory is one such tool that helps ensure strong security for any system operating on the public Internet. The Observatory automatically scans your website to make sure you correctly configure […]


Security Corner: Usable Security

by · August 6, 2020


An oft-overlooked aspect of any security practice or policy is its usability. Do the checks and controls added for the sake of security make it harder for end-users to do their jobs? An unusable system will never be fully implemented and will fail to secure even the simplest of platforms.


Interview with Eric Mann, Security Corner contributor

by · June 23, 2020


In this episode, Eric van Johnson and John Congdon talk to Security Corner contributor Eric Mann about keeping your website secure. How a breach sparked his interest in security. The value of tokens and nonces. What area of security needs more attention. How to use end-to-end encryption for communication. Using Linux as your daily driver […]


Security Corner: Cross Site Request Forgery

by · June 4, 2020


Cross-site request forgery (CSRF) is a security risk where an attacker tricks a visitor into making a malicious request to your site from another, entirely unrelated site in their control. This particular vulnerability seemingly disappeared from most teams’ radars a few years ago but is beginning to reappear in the wild.


Advanced Design & Development



PHP adds syntax and slowly adapts to enable new programming techniques. Whether you are comfortable with imperative, object-oriented, or functional programming, the language makes it possible, and new syntax like arrow functions simplifies the code. This issue looks into asynchronous PHP, new Browser APIs, building REST APIs, callables and closures in PHP, CodeIgniter 4, and more!