@2013-05-16
Effective Security Logging with Monolog
Logging is a tricky subject - what to log, when to log and what tools to use.
#logging
#monolog
#audit
@2013-05-02
The Secure Development Lifecycle
Learn about Microsoft's industry-standard secure development practices.
#secure
#development
#lifecycle
#microsoft
@2013-04-01
Effective Validation with Respect
The Respect Validation library helps validate and protect from bad user data.
#validation
#library
#respect
#filter
@2013-03-20
DREADing Your Security
Using the DREAD threat modeling framework you can get a better view of the risk of your application.
#dread
#threatmodel
#rating
#coreconcepts
@2013-03-05
Two-Factor the Yubikey Way
The Yubikey USB hardware token makes two-factor authentication as easy as pushing a button.
#twofactor
#yubikey
#api
@2013-02-18
Safety in PHP Dependencies with Composer
Composer provides easy package management for PHP developers, but be careful about what you pull in.
#composer
#packagist
#thirdparty
#library
#module
@2013-02-14
API Authentication: HMAC with Public/Private Keys
Signing each API request with an HMAC, using a public key identifier and a private shared secret, lets your API authenticate the caller and verify that the request was not altered in transit.
#api
#authentication
#publickey
#privatekey
#hmac
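The scheme the post describes, as an added example (not code from the article): the client sends its public key ID alongside an HMAC-SHA256 over the method, path, timestamp and body; the server looks up the private secret for that ID, recomputes the signature and compares it in constant time. The header names, the canonical-string layout, the key store and the 300-second replay window are assumptions made for this example.

```php
<?php
// Added example: HMAC request signing with a public key ID and a private
// shared secret. Header names, canonical form and the key store are
// assumptions for this example, not taken from the article.

// Server-side store: public key ID => private secret (constructed sample data)
$keyStore = [
    'client-1234' => 'f3a9c4e1d8b27f6a0c5e9d3b1a7f4e2c',
];

// Canonical string covering everything the server must be able to trust.
// Hashing the body keeps the string short for large payloads.
function canonicalString(string $method, string $path, int $timestamp, string $body): string
{
    return implode("\n", [strtoupper($method), $path, (string)$timestamp, hash('sha256', $body)]);
}

// Used by both sides: the client to sign, the server to recompute.
function signRequest(string $secret, string $method, string $path, int $timestamp, string $body): string
{
    return hash_hmac('sha256', canonicalString($method, $path, $timestamp, $body), $secret);
}

// Server side: accept only a known key ID, a fresh timestamp and a matching
// signature. $now is passed in so the check is deterministic in this example.
function verifyRequest(array $keyStore, array $headers, string $method, string $path,
                       string $body, int $now, int $maxSkew = 300): bool
{
    $keyId     = $headers['X-Api-Key'] ?? '';
    $timestamp = (int)($headers['X-Timestamp'] ?? 0);
    $signature = $headers['X-Signature'] ?? '';

    if (!isset($keyStore[$keyId])) {
        return false; // unknown public key ID
    }
    if (abs($now - $timestamp) > $maxSkew) {
        return false; // stale or future-dated: limits replay of a captured request
    }
    $expected = signRequest($keyStore[$keyId], $method, $path, $timestamp, $body);

    // Constant-time comparison so the check leaks no timing information
    return hash_equals($expected, $signature);
}

// Client side: build the headers for one request (constructed values)
$body = json_encode(['action' => 'transfer', 'amount' => 100]);
$ts   = 1358208000;
$headers = [
    'X-Api-Key'   => 'client-1234',
    'X-Timestamp' => (string)$ts,
    'X-Signature' => signRequest($keyStore['client-1234'], 'POST', '/v1/transfer', $ts, $body),
];

// Genuine request: should be accepted
var_dump(verifyRequest($keyStore, $headers, 'POST', '/v1/transfer', $body, $ts));
// Body altered in transit: signature no longer matches, should be rejected
var_dump(verifyRequest($keyStore, $headers, 'POST', '/v1/transfer', $body . ' ', $ts));
// Same request replayed an hour later: outside the time window, should be rejected
var_dump(verifyRequest($keyStore, $headers, 'POST', '/v1/transfer', $body, $ts + 3600));
```

The private secret never travels with the request; only the key ID does, which is why it can be public. Anything the server acts on (method, path, body, and ideally any query string) must be part of the canonical string, or an attacker can change it without invalidating the signature.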
@2013-02-04
Beware the Mass Assignment
Mass assignment vulnerabilities can be a hard-to-find issue in your applications. Learn how to prevent them.
#vulnerability
#massassignment
#model
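A minimal illustration of the problem and the usual fix, added here as an example that is not part of the original post. The `User` class, its `fillUnsafe()` and `fill()` methods and the sample POST body are all constructed for this example.

```php
<?php
// Added example (not from the article): a mass-assignment hole and its fix.
// The User class and the request data are constructed for illustration.

class User
{
    public string $username = '';
    public string $email    = '';
    public bool   $isAdmin  = false;   // must never be settable from a form

    // Vulnerable: copies every submitted key that happens to match a property
    public function fillUnsafe(array $input): void
    {
        foreach ($input as $key => $value) {
            if (property_exists($this, $key)) {
                $this->$key = $value;
            }
        }
    }

    // Hardened: only fields on an explicit allowlist may come from user input
    private const FILLABLE = ['username', 'email'];

    public function fill(array $input): void
    {
        foreach (self::FILLABLE as $key) {
            if (array_key_exists($key, $input)) {
                $this->$key = (string)$input[$key];
            }
        }
    }
}

// The registration form only has username and email fields, but the attacker
// adds one more parameter to the POST body (constructed request data).
$post = ['username' => 'mallory', 'email' => 'm@example.com', 'isAdmin' => '1'];

$vulnerable = new User();
$vulnerable->fillUnsafe($post);
var_dump($vulnerable->isAdmin);   // the extra field promoted the account

$hardened = new User();
$hardened->fill($post);
var_dump($hardened->isAdmin);     // ignored: isAdmin is not in FILLABLE
```

The point generalises to any ORM or framework `fill()`/`hydrate()` helper: decide per model which attributes a request may set, and treat everything else as read-only from the outside.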
@2013-01-28
Core Concepts: Attack Surface
Knowing the exposed points of your application can help heighten your security and defenses.
#coreconcepts
#attack
#surface
@2013-01-21
Password Hashing with Zend\Crypt
The Zend\Crypt component of the Zend Framework makes hashing your passwords with bcrypt simple.
#encryption
#bcrypt
#password
#hash
@2013-01-11
Google's Two-Factor Auth - Online or Offline
The Google Authenticator smartphone application makes two-factor auth simple, even without a connection.
#twofactor
#authentication
#google
#authenticator
@2013-01-09
Two-Factor Auth Integration with Duo Security
Using the Duo Security API you can manage multiple users and integrations, all through a REST interface.
#twofactor
#authentication
#duosecurity
#api
#webservice
@2013-01-07
Easy Two-Factor Authentication with Authy
Using the Authy REST API, you can quickly and easily integrate two-factor auth into your system.
#twofactor
#authentication
#authy
#api
#webservice
@2012-12-31
Security in the Round
Keeping the "bigger picture" in mind when assessing the security of your application is vital.
#security
#theaterintheround
#policy
@2012-12-19
SQLi in NoSQL - A Word of Warning
Just because you're using a NoSQL database like MongoDB doesn't mean you're safe from injection attacks.
#sqli
#sqlinjection
#nosql
#mongodb
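How the injection happens in PHP, as an added example that is not code from the article: PHP parses `field[$ne]=x` from a query string into a nested array, which is exactly the shape of a MongoDB operator, so a filter built straight from request parameters can be turned into "match any user". No database connection is made here; the example only builds and inspects the filter. The `loginFilterUnsafe()` and `loginFilter()` functions and the sample parameters are constructed.

```php
<?php
// Added example (not from the article): operator injection into a MongoDB
// filter built from request parameters, and the check that closes it.
// Function names and sample input are constructed; no database is contacted.

// PHP turns "username[$ne]=x" into ['username' => ['$ne' => 'x']]
parse_str('username=alice&password=s3cret', $honest);
parse_str('username[$ne]=x&password[$ne]=x', $injected);

// Vulnerable: request values go straight into the query document.
// With $injected this yields {username: {$ne: 'x'}, password: {$ne: 'x'}},
// which matches every document in the collection.
function loginFilterUnsafe(array $params): array
{
    return [
        'username' => $params['username'] ?? null,
        'password' => $params['password'] ?? null,
    ];
}

// Hardened: accept only plain scalar strings, so no operator can be smuggled in
function loginFilter(array $params): array
{
    $filter = [];
    foreach (['username', 'password'] as $field) {
        if (!isset($params[$field]) || !is_string($params[$field])) {
            throw new InvalidArgumentException("$field must be a string");
        }
        $filter[$field] = $params[$field];
    }
    return $filter;
}

var_export(loginFilterUnsafe($injected));   // shows the injected $ne operators
echo PHP_EOL;
var_export(loginFilter($honest));            // plain equality match
echo PHP_EOL;

try {
    loginFilter($injected);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real login you would also never put the password into the query at all: look the user up by username only and compare the stored hash with `password_verify()`. The type check is still the key lesson, and it applies to any driver that accepts arrays as query documents.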
@2012-11-26
Core Concepts: Attack Patterns
Attack patterns provide a common language to refer to threat types and methods of attack.
#attack
#pattern
#coreconcepts
@2012-11-19
STRIDEing for Security
The STRIDE method of threat modeling gives you a simple way to evaluate the possible weak points in your application.
#stride
#sdlc
#threatmodel
@2012-11-12
Code Defensively
Sometimes the best defense is a good offense - "think like an attacker" with these hints to prevent exploits.
#code
#bestpractice
#tutorial
@2012-10-29
The External CSRF Threat & Protecting Your App
Cross-site Request Forgeries are still a common threat. Learn how to protect your app from this pesky issue.
#csrf
#introduction
@2012-10-22
Fail Fast Securely
One key to keeping an app secure is when and how you deal with failure.
#code
#exception
#error
#tutorial
@2012-10-12
Core Concepts: Defense in Depth
Part of the "Core Concepts" series, this post examines the "Defense in Depth" approach to securing your app.
#coreconcepts
#defenseindepth
@2012-10-02
An Introduction to Content Security Policy
Learn how to protect your site with a Content Security Policy that restricts where JavaScript and CSS may load from and reports violations back to you.
#csp
#policy
#tutorial
#introduction
@2012-10-01
Using Mozilla Persona with PHP & jQuery
An introduction to Mozilla's Persona identity system and how to implement it with jQuery and a bit of PHP.
#mozilla
#persona
#tutorial
#javascript
#jquery
@2012-09-21
Tools of the Trade: WebGoat & DVWA
Learn about the WebGoat and Damn Vulnerable Web Application tools to practice your testing skills.
@2012-09-14
Dirty Data: Protecting Your App from Your Users
All user data is tainted, but how do you effectively deal with it? Read on...
@2012-09-10
Encrypted Sessions with PHP
Use a simple custom session handler in PHP to protect your session data on the server.
@2012-09-05
A Silent Threat - PHP in EXIF
@2012-08-29
TCrypto: Encrypted data storage for PHP applications
Learn how to use the TCrypto library to protect your data.
@2012-08-27
Preventing XXE in PHP
XML External Entity attacks are a lesser-known threat, learn how to protect your PHP application.
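A defensive XML loader for untrusted input, added here as an example and not code from the article. It refuses documents that declare a DOCTYPE or entity, loads with `LIBXML_NONET` so libxml cannot reach the network, and never passes `LIBXML_NOENT`, which is the flag that would make entity references expand. The `parseUntrustedXml()` function and the two sample documents are constructed.

```php
<?php
// Added example (not from the article): parsing untrusted XML so that an
// external entity such as <!ENTITY xxe SYSTEM "file:///etc/passwd"> is never
// resolved. Function name and sample documents are constructed.

// Constructed attacker payload: classic file-read XXE
$malicious = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<order><customer>&xxe;</customer></order>
XML;

// Constructed benign document
$benign = '<?xml version="1.0"?><order><customer>alice</customer></order>';

function parseUntrustedXml(string $xml): DOMDocument
{
    // Untrusted documents have no business carrying a DTD at all; reject early.
    if (stripos($xml, '<!DOCTYPE') !== false || stripos($xml, '<!ENTITY') !== false) {
        throw new InvalidArgumentException('DTD and entity declarations are not allowed');
    }

    // PHP before 8.0 resolves external entities by default; turn that off.
    // (PHP 8.0+ disables the external loader by default and deprecates this call.)
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }

    $previous = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // LIBXML_NONET forbids network access during parsing.
    // Do NOT add LIBXML_NOENT (expands entities) or LIBXML_DTDLOAD here.
    $loaded = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    if ($loaded === false) {
        throw new RuntimeException('XML could not be parsed');
    }
    return $dom;
}

$dom = parseUntrustedXml($benign);
echo 'Customer: ', $dom->getElementsByTagName('customer')->item(0)->textContent, PHP_EOL;

try {
    parseUntrustedXml($malicious);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```

The same options apply to `simplexml_load_string()` and to `XMLReader`; the rule in every case is to keep entity expansion off and reject DTDs you did not expect.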
@2012-08-24
Shared Hosting: PHP Session Security
A few things to think about when using PHP sessions, especially on a shared server.
@2012-08-21
Effective File Upload Handling Tips
Handling user input can be tricky, file uploads even more so - here are some dos, don'ts and musts.
@2012-08-18
OWASP Top Ten: Broken Authentication and Session Management
A look at one entry from the OWASP Top Ten list of the most critical web application security risks.
#owasp
#session
#authentication
@2012-08-17
Casting Your Net: Securing Your Site with Skipfish
See how to use this simple tool to help find flaws in your applications.
@2012-08-15
Protect Yourself with the Google Safe Browsing API
Google offers an API that tells you if a site is "safe". Read on to learn how to use it.
@2012-08-14
Playing Your Cards Close - Custom Error & Exception Handling
PHP's default error handling discloses far too much information - learn how to use custom handlers to prevent it.
@2012-08-13
Stay Safe in Your Php.ini
The default settings in PHP's configuration aren't all secure; here are a few you should change.
@2012-08-11
Can't Trust the $_SERVER
PHP's $_SERVER superglobal contains some values that come straight from the request - be careful what you trust!
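Which entries are attacker-controlled and how to use them safely, as an added example that is not code from the article. `HTTP_HOST`, `PHP_SELF`, `HTTP_REFERER` and every `HTTP_*` key are copied from the request headers or URL; `SERVER_NAME` comes from the server configuration and `REMOTE_ADDR` from the TCP connection. The `$server` array, the allowlists and the helper functions are constructed for this example.

```php
<?php
// Added example (not from the article): separating the $_SERVER values a
// client controls from the ones the web server sets, and using the former
// safely. The $server array and the helper functions are constructed.

$server = [
    'SERVER_NAME'          => 'shop.example.com',   // from the vhost config: trusted
    'REMOTE_ADDR'          => '10.0.0.5',           // from the TCP connection: trusted
    'HTTP_HOST'            => 'evil.example.net',   // from the Host: header: attacker-controlled
    'PHP_SELF'             => '/index.php/"><script>alert(1)</script>', // path info chosen by the client
    'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 10.0.0.5',  // any client can send this header
    'HTTP_REFERER'         => 'javascript:alert(1)',
];

// Absolute URLs (password-reset links, redirects) must use a host you own.
// Compare the Host header against an allowlist and fall back to a configured
// value; never echo the header itself.
function baseUrl(array $server, array $allowedHosts): string
{
    $host = $server['HTTP_HOST'] ?? '';
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }
    return 'https://' . $host;
}

// PHP_SELF includes whatever path info the client appended: escape before
// echoing it into markup, or use a fixed action URL instead.
function formAction(array $server): string
{
    return htmlspecialchars($server['PHP_SELF'] ?? '/', ENT_QUOTES, 'UTF-8');
}

// Only believe X-Forwarded-For when the connection came from a proxy you run;
// otherwise anyone can spoof their address with one header.
function clientIp(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (in_array($remote, $trustedProxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = $chain[0];
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return $remote;
}

echo baseUrl($server, ['shop.example.com']), PHP_EOL;       // ignores the spoofed Host header
echo formAction($server), PHP_EOL;                           // script tag is neutralised
echo clientIp($server, []), PHP_EOL;                         // no trusted proxy: REMOTE_ADDR wins
echo clientIp($server, ['10.0.0.5']), PHP_EOL;               // behind our proxy: first hop is used
```

`REQUEST_URI`, `QUERY_STRING`, `HTTP_USER_AGENT` and the rest of the `HTTP_*` family fall into the same untrusted bucket: validate or escape them like any other user input.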
@2012-08-10
OWASP Top Ten: Cross-Site Scripting (XSS)
A look at one entry from the OWASP Top Ten list of the most critical web application security risks.
#xss
#owasp