#PHPSecurity

CoListycolisty
2025-01-21

Learn to create interactive web forms using PHP including dynamic data handling secure transmissions and client server communication basics.
colisty.netlify.app/courses/ph

Steven Rolandstvnrlnd
2024-11-22

Discover why Composer should never be in your public directory! Learn about this crucial security practice for PHP projects.
stevenroland.com/posts/why-com

Steven Rolandstvnrlnd
2024-11-18

Enhance your PHP application security with single-use tokens! Learn how to implement this powerful technique using PHP sessions.
stevenroland.com/posts/impleme

Steven Rolandstvnrlnd
2024-11-15

Enhance your PHP web forms' security with per-form CSRF tokens! Learn how to implement this robust protection against cross-site request forgery attacks.

stevenroland.com/posts/impleme

Steven Rolandstvnrlnd
2024-09-24

Enhance your PHP web app security with a simple CSRF token implementation. Learn how to protect your forms from cross-site request forgery attacks.
stevenroland.com/posts/simple-

Out of Control :laravel: 🇨🇦outofcontrol@phpc.social
2024-08-18

Less shameless reminder, if you are a serious laravel dev, or even just a php dev, go subscribe to Securing Laravel. Stephen will show you are not quite as knowledgeable about securing your apps as you think you are. Worth every penny. phpc.social/@valorin/112982675

#php #laravel #phpsecurity

2024-06-08

A new critical security flaw (CVE-2024-4577) affecting all versions of PHP on Windows has been disclosed. This CGI argument injection vulnerability allows remote code execution by bypassing protections from a previous flaw (CVE-2012-1823).

Key Points:

- Impacts all PHP versions on Windows
- Allows argument injection and remote code execution
- Bypasses previous CVE-2012-1823 protections
- Affects XAMPP installations with specific locales by default
- Patches available in PHP 8.3.8, 8.2.20, and 8.1.29

Admins are urged to update #PHP immediately as exploitation attempts have already been detected. Switching to more secure solutions like Mod-PHP, FastCGI, or PHP-FPM is also recommended.

This simple yet critical bug highlights the importance of thorough security reviews and timely patching.

#PHPSecurity #CVE20244577 #RemoteCodeExecution #CyberSecurity #SoftwareVulnerability #WindowsOS #WebAppSecurity

HackerNews: thehackernews.com/2024/06/new-

Stefano Piccospic@nrw.social
2024-04-15
Daniele Scasciafratte 🇮🇹mte90@mastodon.uno
2021-08-08

RT @phithon_xg@twitter.com

Tricks to download source code for PHP built-in server on Windows.

full version is affected: /index.php::$DATA
prior to 7.4.9, 7.3.21: /index.pHP
prior to 5.6.1, 5.5.5, 5.4.33: /index.php.

#phpsecurity #PHP

🐦🔗: twitter.com/phithon_xg/status/

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst