public marks

PUBLIC MARKS with tags sécurité & php

This year

ircmaxell/password_compat · GitHub

by srcmax & 1 other
This library is intended to provide forward compatibility with the password_* functions being worked on for PHP 5.5.

Secure Salted Password Hashing - How to do it Properly

by srcmax & 2 others, 2 comments
If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain how to do it properly.

2013

2012

2010

Portable PHP password hashing ("password encryption") framework

by srcmax & 5 others
This is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with at least PHP 3.0.18 through 5.3.0 so far.

HTML Purifier - Filter your HTML the standards-compliant way!

by parmentierf & 19 others (via)
HTML Purifier is a standards-compliant HTML filter library written in PHP.

PHP Security Consortium: PHPSecInfo

by parmentierf & 8 others (via)
PhpSecInfo provides an equivalent to the phpinfo() function that reports security information about the PHP environment, and offers suggestions for improvement. It is not a replacement for secure development techniques, and does not do any kind of code or app auditing, but can be a useful tool in a multilayered security approach.

2009

Faille PHP dans les versions inférieures à la 5.3.1

by srcmax & 1 other

Un advisory concernant les releases PHP antérieures à la version 5.3.1 a été publié ce vendredi. En effet, la 5.3.1 contient un patch pour un DoS ayant été reporté le 27 Octobre 2009. Le problème concerne le support de la RFC 1867 dans PHP (Formulaire d’upload HTML).

2008

HTML Purifier 3.2.0 released - News - HTML Purifier

by damdec
HTML Purifier 3.2.0 is an amalgamation of new features and fixes that have accumulated over a four month period. Some notable features include optional removal of empty elements, column tracking for tokens, proper support for the name attribute and overridable behavior for alt text. There were also major improvements to the test suite interface, error collection output and the auto-formatter framework.

Ghosts In The Stack - Blind SQL Injections

by damdec & 1 other
Les Blind SQL Injections, ou "injections SQL à l'aveuglette" font partie des techniques avancées d'injections SQL. On les utilise dans le cas de scripts à réponse binaire, c'est à dire qui retournent une réponse du type soit vrai, soit faux. C'est le cas par exemple des formulaires d'authentification. Ce type de script n'affiche pas le résultat d'une injection mais indique simplement s'il y a erreur ou succès, d'où la difficulté apparente d'exploitation. C'est pourquoi il faut dans la plupart des cas utilsier la méthode de la force brute, mais de manière relativement intelligente, permettant de gagner un temps énorme.

Sécuriser une application Web développée en PHP - Tutoriel/Pratique sur Journal du Net Développeurs

by parmentierf & 2 others
Protéger un développement PHP contre les attaques passe notamment par l'application de certaines règles de configuration. La mise en œuvre d'une stratégie de programmation défensive est un plus.

PHP Filter

by damdec
A PHP filter is used to validate and filter data coming from insecure sources. To test, validate and filter user input or custom data is an important part of any web application. The PHP filter extension is designed to make data filtering easier and quicker.

PUBLIC TAGS related to tag sécurité

active directory +   apache +   article +   blog +   cookies +   cryptage +   cryptographie +   csrf +   dev +   developpement +   didacticiel +   déboggage +   email +   exchange +   fichier +   form +   geek +   html +   http +   identité +   informatique +   javascript +   logs +   md5 +   mime +   mysql +   openid +   password +   perl +   php +   php.lib +   programmation +   python +   ressources +   ruby +   security +   serveur +   sessions +   ssl +   statistiques +   test +   upload +   validation +   vulnérabilité +   wapiti +   web +   webdev +   webmaster +   xml security +   xss +  

Active users

srcmax
last mark : 26/02/2014 18:11

dzc
last mark : 20/02/2013 15:05

parmentierf
last mark : 18/01/2010 16:19

astrochoupe
last mark : 12/08/2009 12:20

damdec
last mark : 16/12/2008 07:58

rmaltete
last mark : 06/11/2008 16:26

jmfontaine
last mark : 24/09/2008 07:36