SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
95 result(s) for "security"
Deepsec is a security harness for finding vulnerabilities in your codebase powered by coding agents
Joomla 3.x development continued to ensure code security and support modern PHP versions
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platforms · 26 security domains · Apa…
tirreno is a security framework. Event tracking, threat detection, and risk scoring for any product.
Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.
The canonical reference for Astrid OS: kernel, capsules, host ABI, the bus, and the security model.
Cross-platform GUI written in Rust using ADB to debloat non-rooted Android devices. Improve your privacy, the security and battery life of your device.
Pterodactyl® is a free, open-source game server management panel built with PHP, React, and Go. Designed with security in mind, Pterodactyl runs all game servers in isolated Docker containers while exposing a beautiful and intuitive UI to end users.
An HTTP toolkit for security research.
Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications
Table of Contents The problem: a locked door with no doorbell What security.txt is (RFC 9116) Why it matters: lower the barrier, route to the right channel Our take: a CakePHP middleware that never goes stale Pair it with a SECURITY.md Try it today Agnostic middleware code … and…
With 5.6.0 having been released and 5.4 branch nearing its well-earned retirement in security-fixes-only status I decided to try and revive this blog. As the last post before the long hiatus was about the release of the 5.4, I think it makes sense to look back and see how 5.4 ha…
The Drupal project has just announced a bug bounty program where they’re offering sums between $50-1000 USD for anyone who finds and reports a security issue with Drupal 8: Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure…
These last few examples we’ve been creating HTML and inserting it right into the DOM. If you have any sort of security background, you’re probably screaming, "Wes, you must sanitize that data before you put it into the DOM!!!" A Quick primer on XSS If yo…
Late yesterday afternoon the PSR-9 and PSR-10 drafts were moved into master on the php-fig/standards repository, moving them along to the next step and to get the wider perspective of the main PHP-FIG group’s opinions on it. What are PSR-9 and PSR-10, you ask? Here’s…
We’ve run a private security bug bounty program since 2014. Invited testers reported numerous security vulnerabilities to us, many of them critical. We investigated and fixed the vulnerabilities they reported and thanked them with cash rewards. Before 2014, and concurrently with…
In this article I first try to understand what security is and what the best security practices for web applications are. In my previous article "The challenge for 2019 has just got real" I had set a challenge for myself in 2019: to learn more about securing web applicatio…
I am a regular listener to the Security Weekly Podcasts Network, that includes Hack Naked News, Business Security Weekly, Enterprise Security Weekly, Secure Digital Life and Application Security Weekly. I really love their shows and over the years I've been listening to them, I …
Developers have been using Ajax techniques for years to create dynamic web forms, but handling file uploads using Ajax was always problematic. The crux of the problem was security – it's not a good idea to allow arbitrary code access to any file it wants on a user's system so Ja…
Laravel 13.15.0 adds typed translation accessors, JSON Schema deserialization, a dedicated Cloud queue driver, and security fixes for date validation and route unserialization. The post Typed Translation Accessors in Laravel 13.15.0 appeared first on Laravel News. Join the Larav…
Read the full post on https://stitcher.io/blog/php-ecosystem-security-team
The PHP development team announces the immediate availability of PHP 8.5.6. This is a security release. All PHP 8.5 users are encouraged to upgrade to this version. For source downloads of PHP 8.5.6 please visit our downloads page, Windows source and binaries can also be found t…
The PHP development team announces the immediate availability of PHP 8.2.31. This is a security release. All PHP 8.2 users are encouraged to upgrade to this version. For source downloads of PHP 8.2.31 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.4.21. This is a security release. All PHP 8.4 users are encouraged to upgrade to this version. For source downloads of PHP 8.4.21 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.3.31. This is a security release. All PHP 8.3 users are encouraged to upgrade to this version. For source downloads of PHP 8.3.31 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.1.34. This is a security release. All PHP 8.1 users are encouraged to upgrade to this version. For source downloads of PHP 8.1.34 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.4.16. This is a security release. All PHP 8.4 users are encouraged to upgrade to this version. For source downloads of PHP 8.4.16 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.2.30. This is a security release. All PHP 8.2 users are encouraged to upgrade to this version. For source downloads of PHP 8.2.30 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.3.29. This is a security release. All PHP 8.3 users are encouraged to upgrade to this version. For source downloads of PHP 8.3.29 please visit our downloads page, Windows source and binaries can also be found…
The PHP development team announces the immediate availability of PHP 8.5.1. This is a security release. All PHP 8.5 users are encouraged to upgrade to this version. For source downloads of PHP 8.5.1 please visit our downloads page, Windows source and binaries can also be found t…
Symfony UX 3.2.0 and 2.36.1 are now available. Both releases fix two security issues, one in UX Icons and one in UX Toolkit, so every application using these packages should upgrade as soon as possible. On top of the security fixes, version 3.2.0 ships several new features for T…
Affected versions Symfony UX Icons versions >=2.17.0<2.36.1, >=3.0.0<3.2.0 are affected by this security issue. The issue has been fixed in Symfony UX Icons 2.36.1, 3.2.0. Description The ux_icon() Twig function is marked is_safe=['html'], so Twig never escapes its o…
Affected versions Symfony UX Toolkit versions >=2.32.0<2.36.1, >=3.0.0<3.2.0 are affected by this security issue. The issue has been fixed in Symfony UX Toolkit 2.36.1, 3.2.0. Description The ux:install console command installs files from a recipe kit by copying path…
Moat scans your GitHub user, org, or repo with one command, and surfaces misconfigured security settings, including 2FA, pinned actions, branch protection, and more.
Add authentication to your Laravel MCP server without writing an authorization server. Plus, security best practices.
Since it's almost Christmas, it's also time to release a new project! The Roave Team is pleased to announce the release of roave/security-advisories, a package that keeps known security issues out of your project. Before telling you more, go grab it: mkdir roave-security-advisor…
The PHP ecosystem is going through one of its most significant supply chain security shifts in years. After the recent compromise of several Laravel-Lang packages and earlier incidents involving packages like intercom/intercom-php, the Composer and Packagist teams are rolling ou…
The PHP Foundation recently announced a new Ecosystem Security Team to help open source maintainers handle a growing wave of AI-driven security challenges. At first glance, this may look like a routine security initiative, but it is not. It is one of the clearest signals…
Recently my team was working to implement Brakeman in our CI processes to automatically scan our codebase for security vulnerabilities. Among a few other issues, it identified a handful of similar XSS vulnerabilities of a similar pattern:<script type="text/javascript"> var FO…
I’m pleased to announce (even though you might have already heard about this on my Twitter stream) that the ebook on web application security I’ve been working on over the past year is now officially available for sale, at the hopefully-reasonable price of $6.99 $9.9…
This post is part of the ”WASEC: Web Application SECurity” series, which is a portion of the content of WASEC, an e-book on web application security I’ve written. Here is a list of all the articles in this series: Web security demystified: WASEC Introduction Un…
Useful Laravel links to read/watch for this week of February 26, 2026.
Security considerations when parsing user-provided INI strings and files using `parse_ini_string` and `parse_ini_file` functions.
Serialization groups have been the go-to mechanism for controlling field visibility in Symfony and API Platform for years. They work — but they introduce a layer of indirection that gets painful as your application grows. I recently removed the last serialization group from a pr…
Most Joomla sites serve the same content to every registered user regardless of what they have read before, what they searched for, or how long they spent on specific topics. A user who has read six articles about Joomla security gets the same homepage recommendations as someone…
Article about how to subvert file integrity checks made by most popular WordPress Plugins
At SymfonyWorld Winter 2021, I talked about using the new Symfony authentication system in your applications in Symfony 6. We discussed the important changes to the Security component, what we tried to improve with each change, and how you can use these to make a more secure app…
Knex recently released a new version this week (2.4.0). Before this version, Knex had a pretty scary SQL injection. Knex currently has 1.3 million weekly downloads and is quite popular. The security bug is probably one of the worst SQL injections I’ve seen in recent memory, espe…
The `@Security` annotation, which originated in the Sensio extra bundle, goes a long way. The official upgrade docs have a few misleading pointers that force you to use unnecessarily verbose language. Fortunately, a few hidden levels make code much less verbose and more readable. T…
Content Security Policy can be used to generate reports describing attempts to attack your site. This post briefly explains how this works, and presents a simple example script that can be used to process these reports.
If Content Security Policy is enabled for protection against cross-site scripting attacks (i.e. the unsafe-inline option is not set), the use of inline scripts is not allowed. In that case, how can we pass server-generated data to the front-end without negatively affecting load time a…
This is an uncharacteristically non-PHP post, but I thought it may interest the audience anyway, and this is as good a place as any to have it. So the TLDR of this post is that I’ve recently had an interaction with a certain security issue in LinkedIn, this issue is still ther…
Today, we’re announcing some changes that will improve the security of accessing Git data over SSH. What’s changing? We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openss…
Adobe has released a new security patch for Adobe Commerce and Magento Open Source: version 2.4.8-p4. Like most patch releases, […] The post Magento / Adobe Commerce 2.4.8-p4 Security Patch Released first appeared on Max Pronko.
We are pleased to announce the release of Yii Framework version 2.0.55. Please refer to the instructions at https://www.yiiframework.com/download/ to install or upgrade to this version. In this release: Security fix for CVE-2026-39850: internal variables in View::renderPhpFile()…
Table of Contents Log anything, not just CRUD A real admin dashboard Native Slack and Discord alert channels Lifecycle hooks for the monitor A real export workflow Security: deny-by-default admin access Forensic capture and a sensitive-field rule Tamper-evident audit logs Tracki…
An example on how we added extra rules to the switch user functionality of the Symfony security component.
Our project, Gossamer, is the best first step to solving supply chain security for the PHP ecosystem.
Announcing new versions of the PASETO protocol, which offer better arguments for security in a wider range of use cases.
We have a lot of work ahead of us in 2019, and we hope it benefits the entire PHP community
If you're planning on implementing the W3C and FIDO Alliance's new WebAuthn standard for hardware security token support, skip ECDAA for now.
Paseto (Platform-Agnostic Security Tokens) is everything JWT should be, but isn't (namely, secure)
Let's solve application security at an ecosystem level by updating outdated and/or insecure blog posts to refer developers to better practices.
Ward is our latest security product, intended to help secure e-Commerce platforms.
Application security has a checklist problem; we propose a better way forward.
A deep dive into the security engineering decisions that went into CMS Airship. A lot of the decisions we made are subtle.
It’s always good to step outside of your usual bubble and try something new every once in a while. I recently took this step and submitted for the AppSec USA 2015 conference happening in San Francisco in September. My topic? PHP security, naturally but it’s to a muc…
Erik Wilde is well known in the world of HTTP and APIs for his work on defining standards, and the excellent YouTube channel "Getting APIs to Work", which has over 250 videos talking about everything from data meshes, security breaches, and API lifecycle management. I p…
The 35th Chaos Communication Congress is now over, and it is time to write about how we built the software side of the c-base assembly there. c-base at 35C3 The Chaos Communication Congress is a major fixture of the European security and free software scene, with thousands of at…
PHP 7.4, the last PHP version in the 7.x series, reached its End-of-Life date on November 28th. PHP 7.4 received one year of security fixes (but no bug fixes) from November 2021. PHP 7.4.33 is the last PHP 7.4 release.
New PHP versions 8.1.1, 8.0.24, and 7.4.32 released; they contain bug fixes and security fixes for how PHP handles gzip files and cookies.
Drupal 7.91, 9.3.19, and 9.4.3 versions are released with security fixes for information disclosure, code execution, cross-site scripting, and access bypass vulnerabilities.
Phew! Been a while but we’re back! NOTE: There’s a working Spring Boot application demonstrating this at https://github.com/Setfive/spring-demos For many applications a security and authentication scheme centered around users makes sense since the focus of the applica…
Completed Drupal site or project URL: https://damfailures.org/ DamFailures.org approached Specbee with a familiar challenge - Security concerns and maintenance headaches on WordPress. They needed something more stable, but still friendly for their marketing and content teams…
New major release schedule Beginning with Drupal 10, a new Drupal major version will be released every two years in even years (2022, 2024, etc.). Each major version will receive active support for about two years, followed by maintenance support and security coverage for about …
Thanks to 2129 contributors from 616 organizations resolving 4083 issues in the past two and a half years, Drupal 10.0.0 is available today! This new version sets Drupal up for continued stability and security for the longer term. All new features will be added to Drupal 10 goin…
The fifth and final feature release of Drupal 9 brings a stable CKEditor 5 module, a command line theme generator and helps prepare for your update to Drupal 10. Bugfixes will be provided for Drupal 9.5 until June 2023 and security fixes will be provided until November 2023. Wha…
Date: 2022-February-23 Description: Drupal 7 End of Life has received a final extension to January 5th, 2025 More than a decade after its first release, Drupal 7 is still widely used across the web. It can be found powering civic engagement in government installations; …
Date: 2021-November-30 Description: As of November 17, 2021, the Drupal core version 8 series has reached end-of-life. This means that all releases of Drupal 8 core (with 8.y.x version numbers) and Drupal contributed project releases that are compatible with only Drupal…
In my previous post I described 10 steps we should take to improve security of web applications. In this article I'm going to describe the purpose of documenting a project and what information should be included. Every successful project requires documentation to commu…
Today, the Helm Maintainers are proud to announce that we have successfully completed a 3rd party security audit for Helm 3. Helm has been recommended for public deployment. Helm, the package manager for Kubernetes, just completed its first security audit. This is one of the ben…
Most PHP developers never think about how PHP is built. They download it or install it using a command or a pre-built image and get started with their work. That is exactly how it should feel. A build system is doing its job when the final result looks great and works as expecte…
Last month I shared with you that the PHP Foundation secured a grant by Alpha-Omega through the Linux Foundation to help improve the security of the PHP open source ecosystem, and that it is forming a new Ecosystem Security Team. Today I want to update you on the progress so far…
The core mission of the PHP Foundation is to ensure the long-term prosperity of the PHP language. Today, your, or your company's, financial contributions primarily fund developers working on the PHP language. In addition to sponsorships, the PHP Foundation uses grants to enable …
Excellent, essential and game-changing talk by Ilya Grigorik and Pierre Far (both of Google), explaining why you should always use HTTPS, not only on “security-related requests”. The talk also features prices and sources of certificates; have a look at the free ones …
CVE-2016-0728 has been disclosed earlier this week and it is a serious security issue. The vulnerability affects most of the Linux kernel versions (3.8 and above). Although the exploit seems tricky to successfully use, it is still a flaw that has to be patched ASAP. I use a few …
The PHP Security Advisories Database is now public domain and has moved to a new organization.
The one where I announce the launch of security.sensiolabs.org.
We are just a few weeks away from the Laravel 7 release, so I've put together a list of some important new features and changes. Of course this is not everything but it is a brief overview of some of the new stuff. Please note that Laravel 5.8 will not receive security updates a…
A few weeks ago I had to have a conversation with a vendor about credentials. Despite some push back from our side, they insisted that their Bearer Token style authentication key for HTTP requests was safe from MitM + Replay attacks. The token was to be used from a user’s …
PHP Application Security. ssingh, Thu, 12/18/2025 - 13:43. ILT (Instructor-Led Training). 1295 0. Learn how to keep your PHP applications safe from attack. Course Description: Security is a top concern shared by all company stakeholders. We have all …
Laminas Advanced. ssingh, Thu, 12/18/2025 - 13:43. ILT (Instructor-Led Training). 1295 0. Add Basic Data Modeling, Security, and REST APIs to Your Laminas Skillset. Course Description: This course builds on the foundation laid in the Laminas Fundamental…