Web applications can be susceptible to all sorts of vulnerabilities: a web application can be vulnerable to at least one of the 2017 OWASP Top
2017 OWASP Top 10 for PHP Developers Part 5: Broken Access Control
Let’s take a scenario like so: I have a web application that allows people to buy software I created – after a person has bought
2017 OWASP Top 10 for PHP Developers Part 4: XML External Entities (XXE)
Ever processed XML files in your web application? If you did, you probably parsed their contents. And if you parsed their contents, your web application
2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure
There is a lot of exposed data floating on the web. People hear about such events all the time – it seems like data breaches
2017 OWASP Top 10 for PHP Developers Part 2: Broken Authentication and Session Management
While browsing the web, you click on a link. The link leads you to a page like this: Looks like a usual login page, right?
Other uses of .htaccess: Making a .htaccess-based WAF
If you’re a web developer, you’re probably familiar with .htaccess. If you’re not, let me give you a quick introduction: .htaccess is a part of Apache. A
An old Ticket System Security Analysis
Since I started building websites a few years ago, I’ve created a few projects. Some of them never saw daylight, some of them were deleted upon
BreachDirectory has passed the 5 Billion record mark – here’s what it means
When I first began creating BreachDirectory, I thought I’d see at most a hundred million records. Okay, maybe half a billion. But this, this is
Your passwords are terrible, and it’s time to do something about it
You know what surprises me the most in regards to data breaches? It’s the fact that people still continue to use passwords like “password” or