About

Björn Schotte
  • Interview with Thomas Bachem, Chief Architect of sevenload.de

    [English readers: this is the start of a new series called „/dev/video“ (current project name, may change without further notice) which targets PHP and other web application developers and covers interviews with public projects and tech talk between Mayflower employees and other people. The series will be both in English and German, this first video…

  • Web 2.0 Security: Why dangers lurk in Web 2.0

    From the Symantec Internet Security Threat Report: 69% of all vulnerabilities occur in web applications. The MITRE Corporation CVE database confirms it: 21.5% of all holes are XSS holes. Johann-Peter Hartmann, CTO of Mayflower GmbH, showed this week at AJAX in Action in Frankfurt why Web 2.0 and XSS in particular hurt so much: up to 100% of the usual MVC (Model,…

  • Dear readers: Thank You!

    Sebastian Bergmann mentioned the 5 year anniversary of the PHP Magazin in his blog and Kris Köhntopp’s article on the PHP Kongress back in 2000. I have been editor in chief of the PHP Magazin for 5 years now (it was the world’s first print publication dedicated only to PHP) and co-organised the world’s first…

  • Understanding successful tracing of security vulnerabilities

    Web applications can easily become very complex. Several hundred thousand lines of code (not counting HTML templates!) is usual for larger corporate solutions. This also means that your PHP application follows standards like object-oriented programming, nested classes etc. When it comes to detecting security vulnerabilities, a lot of tools are available.…

  • SQL injections for dummies – and how to fix them (Update)

    Well, database operations are bread-and-butter work for most PHP applications. PHP and MySQL, for example, have been like brother and sister for many years. You may have heard about „SQL injections“, a bad taste from the outside world of $_GET, $_POST, $_COOKIE and the like. Everybody should know that you shouldn’t pass variables from outside…
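    The injection the teaser warns about, side by side with the fix, as an added example (this is editor-supplied code, not code from the post). It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the users table, its rows and the attacker payload are constructed test data, and plain-text passwords are kept only to keep the example short.

```php
<?php
// Added example, not from the original post: string-built SQL versus a prepared statement.
// Constructed in-memory database so the script is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$db->exec("INSERT INTO users (name, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Vulnerable: values from $_POST are pasted straight into the SQL string,
// so whatever the user types becomes part of the query.
function loginVulnerable(PDO $db, string $name, string $password): ?array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name' AND password = '$password'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Fixed: the query structure is sent first and the values are bound afterwards,
// so the database never parses user input as SQL.
function loginSafe(PDO $db, string $name, string $password): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name AND password = :password');
    $stmt->execute([':name' => $name, ':password' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed attacker input, as it would arrive in $_POST['password'].
$payload = "' OR '1'='1";

// The vulnerable query becomes ... AND password = '' OR '1'='1', which is true
// for every row (AND binds tighter than OR), so the attacker is logged in as
// whichever user the database returns first, without knowing any password.
var_dump(loginVulnerable($db, 'alice', $payload));

// The prepared statement looks for a user whose password is literally the
// eleven-character string ' OR '1'='1 and finds nobody.
var_dump(loginSafe($db, 'alice', $payload));
```

    The same rule covers every place input reaches a query: LIKE patterns, ORDER BY columns and LIMIT values need binding or whitelisting too, and the old mysql_escape_string()-style escaping that the page's era relied on is only as good as the connection charset it assumes.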

  • Detect and fix security vulnerabilities on server side within seconds.

    (See bigger version with better quality at https://chorizo-scanner.com/flash_morcilla ) This video shows you how Morcilla, our brand new PHP extension, lets Chorizo! have a look inside your application on the server. We are able to hook into every PHP function and trace the payloads of Chorizo!. By default, Morcilla hooks into the whole MySQL function…

  • Make the download of large files with PHP (and lighty) very easy

    As you may know, our friend Jan Kneschke is the creator of lighttpd (called „lighty“), a superb open-source web server (designed for speed and ease of use), for which we provide consulting and implementation services. Some days ago I stumbled upon an old entry by Jan in „lighty’s life“, called „X-Sendfile“. There he explains how to speed…
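    A download handler that uses the X-Sendfile mechanism mentioned above, as an added example (editor-supplied, not Jan's or the post's code). PHP only decides whether the request is allowed and then hands the file to lighty via the X-Sendfile header. The download directory, socket path and file parameter name are assumptions; the lighttpd option shown is the allow-x-send-file setting of the 1.4 fastcgi.server block (newer releases rename it), and the path check is the part a practitioner should not leave out, because the header makes the web server serve whatever path PHP names.

```php
<?php
// Added example, not from the original post.
// Assumed lighttpd 1.4 configuration enabling the header for the PHP backend:
//
//   fastcgi.server = ( ".php" => (( "socket" => "/tmp/php.sock",
//                                   "allow-x-send-file" => "enable" )) )
//
// Hypothetical download directory; it lives outside the document root so the
// files cannot be fetched without going through this script.
const DOWNLOAD_ROOT = '/srv/downloads';

// Map a user-supplied file name onto a real file under $root, or return null.
// Without this, ?file=../../etc/passwd would make lighty send that file.
function resolveDownload(string $root, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($root);
    $full = realpath($root . '/' . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() has already collapsed "../" and followed symlinks, so a
    // prefix comparison on the canonical path is a reliable containment check.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;   // escaped the download directory
    }
    return $full;
}

$path = resolveDownload(DOWNLOAD_ROOT, $_GET['file'] ?? '');
if ($path === null) {
    http_response_code(404);
    exit;
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
// lighty sees this header, discards any body PHP would have produced and
// streams the file itself, so PHP never reads the file into memory.
header('X-Sendfile: ' . $path);
```

    Authentication and authorisation checks belong before the header is emitted; once PHP has sent X-Sendfile, the web server delivers the file regardless of what the script does afterwards.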

  • The proxy mode of Chorizo – and a sneak peek at Morcilla, Chorizo’s little sister.

    Web applications nowadays use AJAX features to provide a very comfortable interface to their users. XMLHttpRequest is the technique used to pull data from the server in the background. Have you ever asked yourself how to track down security issues in your XMLHttpRequests without losing too much time? Well, Chorizo gives you the…

  • Practical Testing PHP Applications with Selenium

    Testing software during ongoing development seems to be a boring job consisting of a lot of recurring tasks. You might end up entering the same test data, usually not very context-relevant data such as „foo“ or „bar“, into the same web forms and get the feeling of doing work that is not…