Filter by tag: php

WordPress Configuration Cheat Sheet

11 min read 31 Oct 2018 by Nils Werner
WordPress is the most frequently installed web application in the world. The system is operated not only by experienced developers but also by beginners. In this blog post, we summarize what to look out for when configuring your WordPress installation’s security.

What is PHP Object Injection

11 min read 9 Oct 2018 by Simon Scannell
A very common and critical vulnerability in PHP applications is PHP Object Injection. This blog post explains how they work and how they can lead to a full site takeover by remote attackers.

Symfony Configuration Cheat Sheet

10 min read 27 Sep 2018 by Nils Werner
Symfony is one of the most widely used PHP frameworks with many components and options. Our Symfony Configuration Cheat Sheet shows how to ensure a secure baseline for your framework in 10 steps.

Framework Misconfiguration Analysis with RIPS

10 min read 21 Aug 2018 by Nils Werner
PHP frameworks such as Symfony, Laravel and CodeIgniter come with a variety of functions and components that make it easier for developers to build their application. However, various settings and configurations can have far-reaching consequences for security. RIPS is now also able to detect security weaknesses that stem from insecure configurations.

What is Phar Deserialization

9 min read 14 Aug 2018 by Johannes Dahse
Last week a new exploitation technique for PHP applications was announced at the BlackHat USA conference. Find out everything you need to know in this blog post.