Posts marked with “security”

Find the Way With Elasticsearch

July 2, 2019


How are you going to find that? As your content grows, you don’t want to implement a search engine on your own or integrate with real-world places and addresses yourself. Instead, leverage the rich feature set of an established solution like Elasticsearch. This month we look at how to integrate it with your PHP application and use it to provide location-based search results.

 

Security Corner: Defending Against Insider Threats


When many people think about security, they naturally think about attacks from external threats and entities. They may originate outside of the application, network, or even organization. What we often fail to realize is the most critical threat is often users already inside your system.

 

Defensive Coding Crash Course


Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP as we cover attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, automatic code analysis, peer code reviews, and automated testing. Learn some helpful tips and […]

 

Serverless PHP, Array Functions, and Data Structures with Chris Tankersley

June 17, 2019


Eric, John, and Oscar are back post-php[tek] to discuss the June 2019 issue.

 

Security Corner: Credentials and Secrets Management

June 5, 2019


Managing passwords in userland is complicated. Luckily, consumer tools like 1Password and LastPass make it easier than ever to protect user credentials. Unfortunately, this doesn’t help with the credentials used by our servers or code. The ways developers manage application credentials are legion; some are right, others fatally flawed.

 

Security Corner: Access Control and Authorization

May 2, 2019


Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past.

 

Meet the php[tek] Security Chairs

April 15, 2019


We’ve re-imagined the format of php[tek] this year in response to feedback from past attendees. We kept hearing a desire for a more cohesive, curated conference schedule which allows speakers to dig deeper into a topic than a general 50-minute talk permits. So we’re organizing the talks into eight focused tracks, where one talk builds […]

 

Security Corner: The Risk of Lists

April 3, 2019


The OWASP Top Ten is required reading for anyone in software development, regardless of whether or not your role focuses on security. It’s a useful guide to get you started thinking from a strong security mindset. Be careful, however, to avoid thinking the list is exhaustive or provides comprehensive security for your application or system.

 

Security Corner: Intrusion Detection

March 4, 2019


Home security systems are an early warning to potential theft or abuse of our personal property. They’re useful because they alert us (and the police) to a problem before the theft happens. Logging and monitoring of our applications and digital systems can similarly help protect our customers and their data. By leveraging an automated intrusion […]

 

Security Corner: Strong Security Stance in the New Year

January 7, 2019


January is a month all about setting resolutions for the new year. A new diet. A new budget. A new FOSS contribution goal. In 2019, let’s intentionally focus on keeping our projects safe and taking a strong stance on security.