Channel: Web Builder Zone - Security
Browsing all 56 articles

Hardening PHP: magic_quotes_gpc - False sense of security

Writing secure applications from the ground up requires a programmer to fully understand all the features he uses to protect his code from vulnerabilities. Today's languages provide many ways to ease...




Cross-Site Request Forgery explained

A Cross-Site Request Forgery, aka CSRF or one-click attack, is a widespread security issue where unauthorized commands are sent from the user's browser to a web site or a web application. CSRF is...


OAuth in headless applications

OAuth is a wonderful standard: it allows users to give a third-party service permission to use their accounts on a website, but it works without forcing them to share their password like a...


Millions of Gamers Have Their Data Stolen… Again: The Steam Breach

It’s happened – again. A major gaming network has been hacked, compromising millions of users’ information.


Why You Shouldn't Store Files In A Database

Originally a comment here http://creativedev.in/2012/01/storing-a-file-in-database/ In the above article, Bhumi gives a method for storing files *in* the database, using MySQL and PHP. My personal...



How chrome-extension:// Allows Fingerprinting using JavaScript

tldr; Webpages can sometimes interact with Chrome addons and that might be dangerous, more on that later. Meanwhile, a warmup - trick to detect addons you have installed. While all of us are used to...


GitHub Hacked: How to Protect Your Code

You should take a serious look at your application and write some tests, first thing Monday. I would write integration tests with real data that attempt to exploit the issues that were exposed by the...


GitHub Was Hacked Over the Weekend - Here's What Happened, From Multiple Sources

Hacker News exploded yesterday with news of GitHub being hacked. Wanting to know what all the fuss was about, I began with GitHub's side of the story: A GitHub user exploited a security vulnerability...



I’d Like to Share My LinkedIn Password With You – Here’s Why

No really, this is my LinkedIn password: y>8Q^<6mqKEA4hac Well it was my LinkedIn password until earlier today when it became apparent that LinkedIn had suffered what could only be described as a...



Password Encryption -- Short Answer: Don't.

First, read this: Why passwords have never been weaker—and crackers have never been stronger. There are numerous important lessons in this article. One of the small lessons is that...


Passwords Are Terrible

I’ve been going through a rash of password resets and changes the last few days, and as such things always do, it set me thinking. If I’m lucky, most of this won’t really be much of a surprise for you....


Hacktivism is dead. Long live opportunism!

So November 5th was last week and as promised, the global anonymous tirade has descended. The victims so far are both numerous and diverse; PayPal, ImageShack, Lady Gaga (I’m told this outage is a bad...


Blocking SQL Injection with htaccess

I've had a recent spate of SQL injection attempts on a site I maintain. The site passes SQL parameters which...



Weekly Poll: How Safe is Java?

In the last week, the Java web plugin was found to have a security exploit severe enough to merit the US Department of Homeland Security broadcasting a security warning and instructing users to disable...


ActuateOne for OEMs

"Actuate BIRT’s (Business Intelligence and Reporting Tool) proven technology allows software companies to innovate, leapfrog the competition and meet customer demand for interactivity, rich data...



How to Do Username Token, X509 Certificates, HTTP Keystores, and STS...

One of the features that I am very proud of in the HTTP Analyzer in JDeveloper is the ability to test a SOAP service with the minimum of fuss. Rather than having to configure security headers and...


DZone Links You Don't Want To Miss (2/14/13)

Where Did The Term "Big Data" Come From: The NYTimes did some deep investigating into the etymological origins of the biggest buzzword in IT right now. A Reference Tool For Finding Out Which Media...



DZone Links You Don't Want To Miss (2/20/13)

Our Best Weapon Against CISPA And Gov't Control: Now that CISPA is back on the table in the US Congress, Patrick Lambert believes it's not going to cut it if we fight the bills. We need to fight back...


ScaleBase Overview – Your complete scale out partner

Watch the video below to learn how to scale out your MySQL Database with ScaleBase. Cost-effectively scale to an infinite number of users, with NO...


PHP's mcrypt

This is a symmetric encryption primer for PHP: you'll learn how to call the mcrypt API to encrypt and decrypt strings, using a single key in both processes.
