🐘 PHP Digest

95 result(s) for “security”

1
danielmiessler/SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

GitHub ▲ 71.9k danielmiessler 11h ago ⚠ Safety
2
vercel-labs/deepsec

Deepsec is a security harness for finding vulnerabilities in your codebase powered by coding agents

AI agent Pentesting
Trendshift ▲ 97 vercel-labs 4d ago ⚠ Safety
3
joomlaworks/joomla-3.x

Joomla 3.x development continued to ensure code security and support modern PHP versions

Self-hosted
Trendshift ▲ 96 joomlaworks 4d ago ⚠ Safety
4
affaan-m/ECC

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

AI agent AI coding assistant AI skills
Trendshift ▲ 83 affaan-m 4d ago ⚠ Safety
5
mukul975/Anthropic-Cybersecurity-Skills

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apa…

AI agent AI skills
Trendshift ▲ 81 mukul975 5d ago ⚠ Safety
6
tirrenotechnologies/tirreno

tirreno is a security framework. Event tracking, threat detection, and risk scoring for any product.

GitHub ▲ 1.4k tirrenotechnologies 23h ago ⚠ Safety
7
NVIDIA/SkillSpector

Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.

AI skills
Trendshift ▲ 84 NVIDIA 8d ago ⚠ Safety
8
unicity-astrid/book

The canonical reference for Astrid OS: kernel, capsules, host ABI, the bus, and the security model.

Trendshift ▲ 83 unicity-astrid 9d ago ⚠ Safety
10
pterodactyl/panel

Pterodactyl® is a free, open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.

GitHub ▲ 9k pterodactyl 4d ago ⚠ Safety
11
dstotijn/hetty

An HTTP toolkit for security research.

Pentesting Proxy
Trendshift ▲ 76 dstotijn 19d ago ⚠ Safety
12
Automattic/jetpack

Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.

GitHub ▲ 1.8k Automattic 2d ago ⚠ Safety
13
vimeo/psalm

A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications

GitHub ▲ 5.9k vimeo 16d ago ⚠ Safety
14
RFC 9116: security.txt for your PHP apps

Table of Contents The problem: a locked door with no doorbell What security.txt is (RFC 9116) Why it matters: lower the barrier, route to the right channel Our take: a CakePHP middleware that never goes stale Pair it with a SECURITY.md Try it today Agnostic middleware code … and…

Blogs dereuromark.de 💬 1 Mark 1mo ago
15
PHP 5.4 – looking back

With 5.6.0 having been released and 5.4 branch nearing its well-earned retirement in security-fixes-only status I decided to try and revive this blog. As the last post before the long hiatus was about the release of the 5.4, I think it makes sense to look back and see how 5.4 ha…

Blogs php100.wordpress.com 💬 8 Stas 144mo ago
16
Why Drupal’s Bug Bounty is Important

The Drupal project has just announced a bug bounty program where they’re offering sums between $50-1000 USD for anyone who finds and reports a security issue with Drupal 8: Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure…

Blogs blog.phpdeveloper.org 💬 7 ccornutt 134mo ago
17
How to Sanitize Data with ES6 Template Strings

These last few examples we’ve been creating HTML and inserting it right into the DOM. If you have any sort of security background you’re probably screaming, "Wes, you must sanitize that data before you put it into the DOM!!!" A Quick primer on XSS If yo…

Blogs wesbos.com 💬 4 wesbos 117mo ago
18
PHP, Security & PSR-9/PSR-10

Late yesterday afternoon the PSR-9 and PSR-10 drafts were moved into master on the php-fig/standards repository, moving them along to the next step and to get the wider perspective of the main PHP-FIG group’s opinions on it. What are PSR-9 and PSR-10, you ask? Here’s…

Blogs blog.phpdeveloper.org 💬 3 ccornutt 135mo ago
19
Introducing the Basecamp security bug bounty

We’ve run a private security bug bounty program since 2014. Invited testers reported numerous security vulnerabilities to us, many of them critical. We investigated and fixed the vulnerabilities they reported and thanked them with cash rewards. Before 2014, and concurrently with…

Blogs signalvnoise.com 💬 1 George Claghorn 69mo ago
20
Getting to understand the basics of security

In this article I first try to understand what security is and what are best security practices for web applications. In my previous article "The challenge for 2019 has just got real" I had set a challenge for myself in 2019: to learn more about securing web applicatio…

Blogs dragonbe.com 💬 1 M. van Dam 90mo ago
21
The challenge for 2019 has just got real

I am a regular listener to the Security Weekly Podcasts Network, that includes Hack Naked News, Business Security Weekly, Enterprise Security Weekly, Secure Digital Life and Application Security Weekly. I really love their shows and over the years I've been listening to them, I …

Blogs dragonbe.com 💬 1 M. van Dam 91mo ago
22
Ajax File Uploads with JavaScript's File API

Developers have been using Ajax techniques for years to create dynamic web forms, but handling file uploads using Ajax was always problematic. The crux of the problem was security – it's not a good idea to allow arbitrary code access to any file it wants on a user's system so Ja…

Blogs zaemis.blogspot.com 💬 2 Timothy Boronczyk 148mo ago
23
Typed Translation Accessors in Laravel 13.15.0

Laravel 13.15.0 adds typed translation accessors, JSON Schema deserialization, a dedicated Cloud queue driver, and security fixes for date validation and route unserialization. The post Typed Translation Accessors in Laravel 13.15.0 appeared first on Laravel News. Join the Larav…

Blogs laravel-news.com Paul Redmond 22d ago
25
PHP 8.5.6 Released!

The PHP development team announces the immediate availability of PHP 8.5.6. This is a security release. All PHP 8.5 users are encouraged to upgrade to this version. For source downloads of PHP 8.5.6 please visit our downloads page, Windows source and binaries can also be found t…

Blogs php.net Webmaster 1mo ago
26
PHP 8.2.31 Released!

The PHP development team announces the immediate availability of PHP 8.2.31. This is a security release. All PHP 8.2 users are encouraged to upgrade to this version. For source downloads of PHP 8.2.31 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 1mo ago
27
PHP 8.4.21 Released!

The PHP development team announces the immediate availability of PHP 8.4.21. This is a security release. All PHP 8.4 users are encouraged to upgrade to this version. For source downloads of PHP 8.4.21 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 1mo ago
28
PHP 8.3.31 Released!

The PHP development team announces the immediate availability of PHP 8.3.31. This is a security release. All PHP 8.3 users are encouraged to upgrade to this version. For source downloads of PHP 8.3.31 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 1mo ago
29
PHP 8.1.34 Released!

The PHP development team announces the immediate availability of PHP 8.1.34. This is a security release. All PHP 8.1 users are encouraged to upgrade to this version. For source downloads of PHP 8.1.34 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 6mo ago
30
PHP 8.4.16 Released!

The PHP development team announces the immediate availability of PHP 8.4.16. This is a security release. All PHP 8.4 users are encouraged to upgrade to this version. For source downloads of PHP 8.4.16 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 6mo ago
31
PHP 8.2.30 Released!

The PHP development team announces the immediate availability of PHP 8.2.30. This is a security release. All PHP 8.2 users are encouraged to upgrade to this version. For source downloads of PHP 8.2.30 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 6mo ago
32
PHP 8.3.29 Released!

The PHP development team announces the immediate availability of PHP 8.3.29. This is a security release. All PHP 8.3 users are encouraged to upgrade to this version. For source downloads of PHP 8.3.29 please visit our downloads page, Windows source and binaries can also be found…

Blogs php.net Webmaster 6mo ago
33
PHP 8.5.1 Released!

The PHP development team announces the immediate availability of PHP 8.5.1. This is a security release. All PHP 8.5 users are encouraged to upgrade to this version. For source downloads of PHP 8.5.1 please visit our downloads page, Windows source and binaries can also be found t…

Blogs php.net Webmaster 6mo ago
34
Symfony UX 3.2.0 and 2.36.1 released

Symfony UX 3.2.0 and 2.36.1 are now available. Both releases fix two security issues, one in UX Icons and one in UX Toolkit, so every application using these packages should upgrade as soon as possible. On top of the security fixes, version 3.2.0 ships several new features for T…

Blogs symfony.com Fabien Potencier 13d ago
39
roave/security-advisories: Composer against Security Vulnerabilities

Since it's almost christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project. Before telling you more, go grab it: mkdir roave-security-advisor…

Blogs ocramius.github.io 140mo ago
40
Composer & Packagist Are Hardening PHP Security

The PHP ecosystem is going through one of its most significant supply chain security shifts in years. After the recent compromise of several Laravel-Lang packages and earlier incidents involving packages like intercom/intercom-php, the Composer and Packagist teams are rolling ou…

Blogs heera.it Sheikh Heera 1mo ago
41
Beyond Vulnerabilities: The AI Security Crisis

The PHP Foundation recently announced a new Ecosystem Security Team to help open source maintainers handle a growing wave of AI-driven security challenges. At first glance, this may look like a routine security initiative, but it is not. It is one of the clearest signals…

Blogs heera.it Sheikh Heera 1mo ago
42
Protecting Against XSS In RAILS - JavaScript Contexts

Recently my team was working to implement Brakeman in our CI processes to automatically scan our codebase for security vulnerabilities. Among a few other issues, it identified a handful of similar XSS vulnerabilities of a similar pattern:<script type="text/javascript"> var FO…

Blogs blog.ircmaxell.com Anthony Ferrara 97mo ago
43
WASEC, a book about Web Application Security, is now available for sale

I’m pleased to announce (even though you might have already heard about this on my Twitter stream) that the ebook on web application security I’ve been working on over the past year is now officially available for sale, at the hopefully-reasonable price of $6.99 $9.9…

Blogs odino.org Alessandro Nadalin 80mo ago
44
Web application security: what to do when...

This post is part of the ”WASEC: Web Application SECurity” series, which is a portion of the content of WASEC, an e-book on web application security I’ve written. Here is a list of all the articles in this series: Web security demystified: WASEC Introduction Un…

Blogs odino.org Alessandro Nadalin 81mo ago
47
Replacing Serialization Groups with Property-Level Security

Serialization groups have been the go-to mechanism for controlling field visibility in Symfony and API Platform for years. They work — but they introduce a layer of indirection that gets painful as your application grows. I recently removed the last serialization group from a pr…

Blogs soyuka.me 3mo ago
48
Build an AI-Driven personalisation engine in Joomla using User Behaviour data

Most Joomla sites serve the same content to every registered user regardless of what they have read before, what they searched for, or how long they spent on specific topics. A user who has read six articles about Joomla security gets the same homepage recommendations as someone…

Blogs phpcmsframework.com PHP CMS Frameworks 2mo ago
50
Using the SecurityBundle in Symfony 6

At SymfonyWorld Winter 2021, I talked about using the new Symfony authentication system in your applications in Symfony 6. We discussed the important changes to the Security component, what we tried to improve with each change, and how you can use these to make a more secure app…

Blogs wouterj.nl Wouter de Jong 55mo ago
51
Knex (with MySQL) had a very scary SQL injection

Knex recently released a new version this week (2.4.0). Before this version, Knex had a pretty scary SQL injection. Knex currently has 1.3 million weekly downloads and is quite popular. The security bug is probably one of the worst SQL injections I’ve seen in recent memory, espe…

Blogs evertpot.com Evert Pot 42mo ago
52
Upgrading Sensio Security Annotation: The Full Story

The `@Security` annotation, which originated in the Sensio extra bundle, goes a long way. The official upgrade docs have a few misleading pointers, that force you to use unnecessary verbose language. Fortunately, few hidden levels make code much less verbose and more readable. T…

Blogs tomasvotruba.com Tomas Votruba 15mo ago
53
Processing Content Security Policy violation reports

Content Security Policy can be used to generate reports describing attempts to attack your site. This post briefly explains how this works, and presents a simple example script that can be used to process these reports.

Blogs mathiasbynens.be Mathias 155mo ago
54
Hiding JSON-formatted data in the DOM with CSP enabled

If Content Security Policy is enabled for protection against cross-site scripting attacks (i.e. the unsafe-inline option is not set), the use of inline s is not allowed. In that case, how can we pass server-generated data to the front-end without negatively affecting load time a…

Blogs mathiasbynens.be Mathias 156mo ago
55
LinkedInSecurity

This is an uncharacteristically non-PHP post, but I thought it may interest the audience anyway, and this is as good place as any to have it. So the TLDR of this post is that I’ve recently had an interaction with certain security issue in LinkedIn, this issue is still ther…

Blogs php100.wordpress.com Stas 144mo ago
56
Post-quantum security for SSH access on GitHub

Today, we’re announcing some changes that will improve the security of accessing Git data over SSH. What’s changing? We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openss…

Blogs github.blog brian m. carlson 9mo ago
57
Magento / Adobe Commerce 2.4.8-p4 Security Patch Released

Adobe has released a new security patch for Adobe Commerce and Magento Open Source: version 2.4.8-p4. Like most patch releases, […] The post Magento / Adobe Commerce 2.4.8-p4 Security Patch Released first appeared on Max Pronko.

Blogs maxpronko.com Max Pronko 3mo ago
58
[news] Yii 2.0.55

We are pleased to announce the release of Yii Framework version 2.0.55. Please refer to the instructions at https://www.yiiframework.com/download/ to install or upgrade to this version. In this release: Security fix for CVE-2026-39850: internal variables in View::renderPhpFile()…

Blogs yiiframework.com samdark 11h ago
59
CakePHP AuditStash 2.0: Beyond CRUD

Table of Contents Log anything, not just CRUD A real admin dashboard Native Slack and Discord alert channels Lifecycle hooks for the monitor A real export workflow Security: deny-by-default admin access Forensic capture and a sensitive-field rule Tamper-evident audit logs Tracki…

Blogs dereuromark.de Mark 1mo ago
70
Speaking at AppSec USA 2015

It’s always good to step outside of your usual bubble and try something new every once and a while. I recently took this step and submitted for the AppSec USA 2015 conference happening in San Francisco on September. My topic? PHP security, naturally but it’s to a muc…

Blogs blog.phpdeveloper.org ccornutt 135mo ago
71
Green IT: Reducing the Environmental Footprint of IT and APIs with Erik Wilde

Erik Wilde is well known in the world of HTTP and APIs for his work on defining standards, and the excellent YouTube channel "Getting APIs to Work", which has over 250 videos talking about everything from data meshes, security breaches, and API lifecycle management. I p…

Blogs philsturgeon.com Phil Sturgeon 23mo ago
72
Building c-base @ 35C3 with Flowhub

The 35th Chaos Communication Congress is now over, and it is time to write about how we built the software side of the c-base assembly there. c-base at 35C3 The Chaos Communication Congress is a major fixture of the European security and free software scene, with thousands of at…

Blogs bergie.iki.fi Henri Bergius 91mo ago
73
All PHP 7.x versions are now EOL

PHP 7.4, the last PHP version in 7.x series, reached its End-of-Life date on November 28th. PHP 7.4 received one year of security fixes (but no bug fixes) from November 2021. PHP 7.4.33 is the last PHP version.

Blogs php.watch Ayesh Karunaratne 43mo ago
76
Spring Boot: Creating a filter to verify an API key header

Phew! Been a while but we’re back! NOTE: There’s a working Spring Boot application demonstrating this at https://github.com/Setfive/spring-demos For many applications a security and authentication scheme centered around users makes sense since the focus of the applica…

Blogs shout.setfive.com Ashish Datta 76mo ago
77
A WordPress to Drupal CMS migration for DamFailures

Completed Drupal site or project URL: https://damfailures.org/ DamFailures.org approached Specbee with a familiar challenge - Security concerns and maintenance headaches on WordPress. They needed something more stable, but still friendly for their marketing and content teams…

Blogs drupal.org shefali shetty 11mo ago
78
Drupal 10 will be supported until the release of Drupal 12 in mid-late 2026

New major release schedule Beginning with Drupal 10, a new Drupal major version will be released every two years in even years (2022, 2024, etc.). Each major version will receive active support for about two years, followed by maintenance support and security coverage for about …

Blogs drupal.org gábor hojtsy 31mo ago
79
Drupal 10.0.0 is available

Thanks to 2129 contributors from 616 organizations resolving 4083 issues in the past two and a half years, Drupal 10.0.0 is available today! This new version sets Drupal up for continued stability and security for the longer term. All new features will be added to Drupal 10 goin…

Blogs drupal.org gábor hojtsy 43mo ago
80
Drupal 9.5.0 is available

The fifth and final feature release of Drupal 9 brings a stable CKEditor 5 module, a command line theme generator and helps prepare for your update to Drupal 10. Bugfixes will be provided for Drupal 9.5 until June 2023 and security fixes will be provided until November 2023. Wha…

Blogs drupal.org gábor hojtsy 43mo ago
81
Drupal 7's End-of-Life extended to November 1, 2023 - PSA-2022-02-23

Date: 2022-February-23 Description: Drupal 7 End of Life has received a final extension to January 5th, 2025 More than a decade after its first release, Drupal 7 is still widely used across the web. It can be found powering civic engagement in government installations; …

Blogs drupal.org Drupal Security Team 53mo ago
82
Drupal 8 is now end-of-life - PSA-2021-11-30

Date: 2021-November-30 Description: As of November 17, 2021, the Drupal core version 8 series has reached end-of-life. This means that all releases of Drupal 8 core (with 8.y.x version numbers) and Drupal contributed project releases that are compatible with only Drupal…

Blogs drupal.org Drupal Security Team 55mo ago
83
Documentation of a project

In my previous post I described 10 steps we should take to improve security of web applications. In this article I'm going to describe the purpose of documenting a project and what information should be included. Every successful project requires documentation to commu…

Blogs dragonbe.com M. van Dam 89mo ago
84
Usefulness of Security Audits

Today, the Helm Maintainers are proud to announce that we have successfully completed a 3rd party security audit for Helm 3. Helm has been recommended for public deployment. Helm, the package manager for Kubernetes, just completed its first security audit. This is one of the ben…

Blogs codeengineered.com Matt Farina 82mo ago
86
One Month of Ecosystem Security Engineering

Last month I shared with you that the PHP Foundation secured a grant by Alpha-Omega through the Linux Foundation to help improve the security of the PHP open source ecosystem, and that it is forming a new Ecosystem Security Team. Today I want to update you on the progress so far…

Blogs thephp.foundation 10d ago
87
Announcing the Ecosystem Security Team at The PHP Foundation

The core mission of the PHP Foundation is to ensure the long-term prosperity of the PHP language. Today, your, or your company's, financial contributions primarily fund developers working on the PHP language. In addition to sponsorships, the PHP Foundation uses grants to enable …

Blogs thephp.foundation 1mo ago
88
Google I/O 2014 – HTTPS Everywhere (video)

Excellent, essential and game-changing talk by Ilya Grigorik and Pierre Far (both of Google), explaining why you should always use HTTPS, not only on “security-related requests”. The talk also features prices and sources of certificates, have a look on the free ones …

Blogs dev-metal.com Chris 139mo ago
89
Patching the Linux kernel (Raspbian & CVE-2016-0728)

CVE-2016-0728 has been disclosed earlier this week and it is a serious security issue. The vulnerability affects most of the Linux kernel versions (3.8 and above). Although the exploit seems tricky to successfully use, it is still a flaw that has to be patched ASAP. I use a few …

Blogs williamdurand.fr William Durand 127mo ago
92
New features and changes in the upcoming Laravel 7.0 release

We are just a few weeks away from the Laravel 7 release, so I've put together a list of some important new features and changes. Of course this is not everything but it is a brief overview of some of the new stuff. Please note that Laravel 5.8 will not receive security updates a…

Blogs pascalbaljet.dev 78mo ago
93
Vendor Security

A few weeks ago I had to have a conversation with a vendor about credentials. Despite some push back from our side, they insisted that their Bearer Token style authentication key for HTTP requests was safe from MitM + Replay attacks. The token was to be used from a user’s …

Blogs seancoates.com 26mo ago
94
PHP Application Security

PHP Application Security ssingh Thu, 12/18/2025 - 13:43 ILT (Instructor-Led Training) 1295 0 PHP Application Security. Learn how to keep your PHP applications safe from attack. Course Description: Security is a top concern shared by all company stakeholders. We have all …

Blogs zend.com ssingh 6mo ago
95
Laminas Advanced

Laminas Advanced ssingh Thu, 12/18/2025 - 13:43 ILT (Instructor-Led Training) 1295 0 Laminas Advanced. Add Basic Data Modeling, Security, and REST APIs to Your Laminas Skillset. Course Description: This course builds on the foundation laid in the Laminas Fundamental…

Blogs zend.com ssingh 6mo ago