8 Tips For A Secure Login Script/Admin Panel

After reading the title you may say to yourself “Oh no, another ‘secure login script’ article! Aren’t there enough already online?”. Yes there are, but unfortunately many tutorials (if it’s appropriate to call them so) only show you how to write SQL Injection free code. But that isn’t enough. What about brute force (dictionary, hybrid) attacks? Or how about making your admin panel (user panel) CSRF free? Well, this article will try to deal with those issues too.



Logging the HTTP requests!

Logs are a very important part of security, either for preventing attacks or for forensics. But sometimes you don’t have access to logs, like for example in shared hosting environments.



OWASP Code Review Guide

Code review is probably the single-most effective technique for identifying security flaws. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. (Introduction)


PHP 5.2+ Data Filtering Extension = BAD?

Yesterday, while browsing some security-tagged discussions on stackoverflow.com, I noticed someone mention some filter_ prefixed PHP functions. At first I thought they were some custom-written ones, but on a quick check it turned out that these functions really do exist. I was shocked. Anyway, let’s dig into it…



userAtuh – frontend to backend encryption

How many times did you check a web application of yours with a security auditing tool?
I can tell you that I did it a couple of times. And as usual it always hit me with the same warning: ‘the login information is sent in plain text to …php’, or something of the sort.
