2017 OWASP Top 10 for PHP Developers Part 6: Security Misconfiguration

7 years ago

Web applications can be susceptible to all sorts of vulnerabilities: a web application can be vulnerable to at least one…

2017 OWASP Top 10 for PHP Developers Part 5: Broken Access Control

7 years ago

Let's take a scenario like so: I have a web application that allows people to buy software I created -…

2017 OWASP Top 10 for PHP Developers Part 4: XML External Entities (XXE)

7 years ago

Ever processed XML files in your web application? If you did, you probably parsed their contents. And if you parsed…

2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure

7 years ago

There is a lot of exposed data floating on the web. People hear about such events all the time -…

2017 OWASP Top 10 for PHP Developers Part 2: Broken Authentication and Session Management

7 years ago

While browsing the web, you click on a link. The link leads you to a page like this: Looks like…

Other uses of .htaccess: Making a .htaccess-based WAF

7 years ago

If you're a web developer, you're probably familiar with .htaccess. If you're not, let me give you a quick introduction: .htaccess…

An old Ticket System Security Analysis

7 years ago

Since I started building websites a few years ago, I've created a few projects. Some of them never saw daylight, some…

BreachDirectory has passed the 5 Billion record mark – here’s what it means

7 years ago

When I first began creating BreachDirectory, I thought I'd see at most a hundred million records. Okay, maybe half a…

Your passwords are terrible, and it’s time to do something about it

7 years ago

You know what surprises me the most in regards to data breaches? It's the fact that people still continue to…

A journey back in time: The analysis of the first version of my WAF

7 years ago

As you might already know, back in 2014, I developed a custom Web Application Firewall. You'll see one adorning BreachDirectory…