Posts in the "Security" Category

  • Pixy: XSS and SQL Scanner for PHP

If you’re working on PHP 4.x, here’s a tool which checks if your codebase is susceptible to cross-site scripting or SQL injection. Pixy is a Java program that performs automatic scans of PHP 4 source code, aimed at the detection of XSS and SQL injection vulnerabilities. Pixy takes a PHP program as input, [...]

  • Cookie Theft on Shared Servers

Stefan shows how shared hosting environments could pose a security threat to your site, allowing another site on the same host to hijack cookies from your site. Within a shared hosting environment it is quite often possible to bind yourself to some high TCP port and accept incoming connections. Sometimes this is possible because [...]

  • Here’s a cool way to scan a site visitor’s network using just HTML and the user’s browser. The concept of doing network scanning via JavaScript is hardly new and is quite easy for anyone with even cursory knowledge of JavaScript. However, the assumption was that as long as you browse the web with JavaScript disabled [...]

If you would like to prevent Apache from exposing the version information in every request to the server, all you have to do is put the following lines into your Apache configuration file: ServerTokens ProductOnly ServerSignature Off. Now that we’re not exposing the Apache version, let’s hide the PHP version also. To do this, [...]

  • Here’s an interesting read from Thomas Myer on encryption of data using PHP. “In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. Get an overview of what it [...]

  • Chorizo!

Want to get your Web applications scanned for security? Here’s a new service from Mayflower GmbH called Chorizo! You can sign up for a free account to scan one site. They also have a paid version if you’d like to scan more sites. Once you sign up for the service, all you have to do [...]

Here’s a cool site where you can test some of your XSS skills. You’ll have to go through all the stages of this workshop; you advance to the next stage if you’re able to inject JavaScript through XSS to get its password. See how many stages you can complete: XSS Workshop – Stage 1

Cleaning up your inputs from $_POST, $_GET and $_REQUEST is an important task if you’re looking at the security of your PHP applications. You can prevent most kinds of Cross Site Scripting (XSS) attacks if you know how to clean up the user inputs. Here’s how to do it using an input filtering class from PHP [...]

  • All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla! 1.0.10 contains the following important security fixes: * 03 High Level Security Fixes * 01 Medium Level Security Fixes * 05 Low Level security * 40 General bug fixes Link: Joomla! – Upgrade [...]

  • Yet another article on how to prevent spammers from using your mail scripts to send spam. Anyone who has an email address can tell you that spam is one of the great banes of the online world. But it’s not only distant servers owned by the spammers that are to blame. It may even be [...]
