Filter by tag: insights

Learnings from WordPress Security Month

16 min read 15 Jan 2019 by Simon Scannell
Last year in December we released once a day a vulnerability affecting WordPress core or one of the most popular WordPress plugins, next to a critical persistent XSS in wordpress.org. This blogpost will summarize common mistakes developers make and the overall impact our advent calendar had on the WordPress community and the current state of WordPress security.

PHP Security Advent Calendar 2018

3 min read 27 Nov 2018 by Johannes Dahse
The holiday season is coming up again and it’s time for some security fun. For the third time in a row, we are proud to announce our PHP security advent calendar. This year, we will analyze 24 exciting security bugs that we detected in the most widespread WordPress plugins.

WordPress Configuration Cheat Sheet

11 min read 31 Oct 2018 by Nils Werner
WordPress is the most frequently installed web application in the world. The system is operated not only by experienced developers but also by beginners. In this blog post, we summarize what to look out for when configuring your WordPress installation’s security.

What is PHP Object Injection

11 min read 9 Oct 2018 by Simon Scannell
A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.

Symfony Configuration Cheat Sheet

10 min read 27 Sep 2018 by Nils Werner
Symfony is one of the most widely used PHP frameworks with many components and options. Our Symfony Configuration Cheat Sheet shows how to ensure a secure baseline for your framework in 10 steps.