security

afbeelding van relaxnow

A PHP Developers look back at OWASP AppSec.eu 2013

  • 16-04-2014
  • 0

"So tell me, why do you use PHP, really?"

I'm sitting at the conference dinner, in the cargo room of the Cap San Diego in Hamburg Germany, supposedly the 'largest cargo ship seaworthy museum in the world'. Across from me is a German student and OWASP volunteer. We've been talking for a while now, he looks forward to a future in pentesting so he volunteered to help with OWASP AppSec Research 2013. AppSec is a conference for Application Security, hosted by the Open Web Application Security Project (OWASP). Sometimes they add 'Research' to it to encourage researchers to come and speak.

'Sigh. Here we go again' I think as I hear conversation around us stop, people listening in.

Lees verder
afbeelding van relaxnow

4 HTTP Security headers you should always be using

What started as a dream for a worldwide library of sorts, has transformed into not only a global repository of knowledge but also the most popular and widely deployed Application Platform: the World Wide Web.
The poster child for Agile, it was not developed as a whole by a single entity, but rather grew as servers and clients expanded it's capabilities. Standards grew along with them.

While growing a solution works very well for discovering what works and what doesn't, it hardly leads to a consistent and easy to apply programming model. This is especially true for security: where ideally the simplest thing that works is also the most secure, it is far too easy to introduce vulnerabilities like XSSCSRF or Clickjacking.

Because HTTP is an extensible protocol browsers have pioneered some useful headers to prevent or increase the difficulty of exploiting these vulnerabilities. Knowing what they are and when to apply them can help you increase the security of your system.  

Lees verder