Yii 2: The Fast, Secure and Professional PHP Framework
43 result(s) for “secure”
Twig, the flexible, fast, and secure template language for PHP
Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.
Securely accept major credit and debit cards, and allow customers to pay you directly without leaving your WooCommerce store. View and manage transactions from one convenient place - your WordPress dashboard.
I am a regular listener to the Security Weekly Podcasts Network, that includes Hack Naked News, Business Security Weekly, Enterprise Security Weekly, Secure Digital Life and Application Security Weekly. I really love their shows and over the years I've been listening to them, I …
The HTTP Plugin for MySQL offers three APIs: REST-like CRUD, REST-like JSON DOCUMENT and SQL. The SQL API lets you run any SQL you want. Including, for example, DROP mysql.users if you mess up your setup. Insecure? It depends on your viewpoint. It’s more than just another …
You can view current firewall rules via sudo iptables -L -v. In this video, we'll add to the input chain, which controls incoming (ingress) traffic: sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT sudo iptables -…
We configure SSH to be a bit more secure. We enforce the use of SSH-key based access and ensure that the root user cannot log in over SSH directly. Edit /etc/ssh/sshd_config: # Important PermitRootLogin no PasswordAuthentication no # Double check these PubkeyAuthentication yes P…
We start by creating a new user and authorizing SSH-based access for an SSH key pair. sudo adduser fideloper # Locally: # cd ~/.ssh # ssh-keygen -o -a 100 -t ed25519 -f id_ed # cat id_ed.pub | pbcopy # Back on server when logged in as user "fideloper": echo "your-public-key" >…
I've been using a YubiKey Neo for a bit over two years now, but its usage was limited to 2FA and U2F. Last week, I received my new DELL XPS 15 9560, and since I am maintaining some high impact open source projects, I wanted the setup to be well secured. In addition to that, I ca…
Since online gambling has been regulated in Belgium, basically each eligible license holder has complemented their land based operations with an online counterpart. Being such a small country, everyone wants to secure their market share as soon as possible. The big players have …
When you work with clients that are supplying you with their own secure certificates, they may arrive in different formats that you need to convert, in order to add them to Laravel Forge.
We’re rolling out version 1.1 of Labyrinth, the encrypted storage system and protocol that secures messages and history on Messenger. Labyrinth 1.1 enhances the reliability of end-to-end encrypted backups with a new sub-protocol that helps messages survive the loss of a device, …
tl;dr: Temporary 24-hour cooldown period for plugin/theme releases before auto-updates. AI can give defenders an edge. We want to secure all 78K plugins and themes on WordPress.org. One of the things we’ve always striven to do as the developers of WordPress is to work hard…
On Windows, HTTPS requests made with the Curl extension can fail because Curl has no root certificate list to validate the server certificates. This article discusses the secure and effective solutions, and highlights bad advice that can leave PHP applications insecure.
The Sodium extension in PHP 8.4 now supports `AEGIS-128L` and `AEGIS256` Authenticated Encryption ciphers. They are significantly faster than `AES-GCM` and `CHACHA20-POLY1305`. This article benchmarks them and explains how to securely encrypt and decrypt data using `AEGIS-128L` …
At SymfonyWorld Winter 2021, I talked about using the new Symfony authentication system in your applications in Symfony 6. We discussed the important changes to the Security component, what we tried to improve with each change, and how you can use these to make a more secure app…
In a project I'm working on, we recently needed to add some kind of encryption system that allowed us to store sensitive information in a secure manner, while still being able to access it at runtime in order to pass it to third party services. Securely storing your own app passwords…
and employing them securely At Archer, we have been moving credentials into AWS Systems Manager (SSM) Parameter Store and AWS Secrets Manager. One of the more interesting credentials is an SSH key that is used to clone a GitHub repository into an environment that has IAM roles a…
synergist.io is a secure cloud platform to negotiate contracts in real-time. The product The product developed by synergist is composed mainly of an API and a frontend application. The API is a PHP + Laravel application. The goal I joined the project with the aim of setting up a …
Today, we’re announcing some changes that will improve the security of accessing Git data over SSH. What’s changing? We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openss…
One of the key parts of Building Secure Images with GitHub Actions is unit testing the image just built. While for most of my repositories this has been some bash script in the repo that I copied to the next new repo. Always had the desire to make something more clean than that,…
When I initially started building Docker images only amd64 was relevant, and having a build ⇒ Scan ⇒ Test ⇒ Push cycle was as easy as using docker save and docker load. But with arm64 becoming more and more popular, including with my own home cluster, I needed to add images for …
Start to run In June 2014 I started running because I had secured a speaker slot at the community day of Laracon EU. For my presentation I wanted to look fit on stage. To gain confidence I wanted to drop a few kilograms of weight. I started with a 9 km run and gradually ran furt…
Leveraging the ubiquity of the PHP programming language to make everyone more secure.
A short summary of the work we've done to make the Internet more secure for everyone.
Announcing new versions of the PASETO protocol, which offer better arguments for security in a wider range of use cases.
We wrote a cryptography library entirely in PHP to make your WordPress site secure against supply-chain attacks.
Paseto (Platform-Agnostic Security Tokens) is everything JWT should be, but isn't (namely, secure)
Everything a developer needs to know to build secure software in the PHP programming language in the year 2018
Introducing PIE-Hosted Services to Help Further our Goals to Secure the Entire PHP Ecosystem
Recent events have put supply chain attacks against software updaters on everyone's radar. Scott explains what this means and what to do about it.
How to build your own automatic update system that is verifiably secure.
Ward is our latest security product, intended to help secure e-Commerce platforms.
A reflection on the first six months of the year, ext/sodium landing in PHP 7.2, and where to go from here.
How to use Sapient, our new Secure API Toolkit, to Harden your PHP 7 software.
A deep dive into the security engineering decisions that went into CMS Airship. A lot of the decisions we made are subtle.
A more secure alternative to using PHP's mail() function that will help keep your messages out of the spam filters.
One of our clients recently had a unique use case. They had a Wiki site where they wanted to restrict viewing of posts to only their app’s authorized users. Picture something like a SaaS app where the Wiki site had proprietary content that our client only wanted paying use…
What’s new in Drupal 9.2.0? The second feature release of Drupal 9 helps keep your site even more secure, and comes with increased visitor privacy protection, improved migration tools from Drupal 7, enhancements to the Olivero frontend theme and early support for the WebP image …
Last month I shared with you that the PHP Foundation secured a grant by Alpha-Omega through the Linux Foundation to help improve the security of the PHP open source ecosystem, and that it is forming a new Ecosystem Security Team. Today I want to update you on the progress so far…
How to generate, hash, store, and revoke API keys in a Next.js app using SHA-256 hashing, server actions, and cross-project guards for secure access con...
Exactly 365 days ago, I released my first ebook. I always wanted to share my experiences about it, but I never felt comfortable enough to do so. The project didn't turn out as expected, and I felt embarrassed. It's time to finally reflect on it and to overcome my fears.