PHP assert code injection
Not sure if in this case if it is possible to inject malicious code in $entityId and if it will be processed by php.
$entityId = $_GET[“name”];
public function getMetaData($entityId) {
assert(‘is_string($entityId)’);
}
Category Archives: code review
Code Review Lamp Subtly Reminds You To Help Your Fellow Developer
[Dimitris Platis] works in an environment with a peer review process for accepting code changes. Code reviews generally are a good thing. One downside though, is that a lack of responsiveness from other developers can result in a big hit to team’s development speed. It isn’t that other developers are unwilling to do the reviews, it’s more that individuals are often absorbed in their own work and notification emails are easily missed. There is also a bit of a “tragedy of the commons” vibe to the situation, where it’s easy to feel that someone else will surely attend to the …read more
Continue reading Code Review Lamp Subtly Reminds You To Help Your Fellow Developer
How to become a Monero million(th)aire in just 20 minutes [PODCAST]
Here’s Episode 7 of the Naked Security podcast – enjoy. Continue reading How to become a Monero million(th)aire in just 20 minutes [PODCAST]
Security code review recommendations
I’ve been writing software for ~7 years and have been actively interested in security for ~2-3. This interest has been entirely self-motivated and primarily on the attack side; I’ve written several FOSS offensive security too… Continue reading Security code review recommendations
How to explain to our developer manager the benefits of using a linter also as a security feature?
Someone mentioned that linters would have helped not only for keeping the code looking better and friendlier, but also safer.
ESlint has a rule to indicate, for example, to use {} which would have helped avoid the ‘goto fai… Continue reading How to explain to our developer manager the benefits of using a linter also as a security feature?
Semmle, startup that makes code searchable, hauls in $21M Series B
Semmle, a startup that originally spun out of research at Oxford, announced a $21 million Series B investment today led by Accel Partners. It marked the second time Accel has led an investment in the company. Other investors include Work-Bench, Capital One, Credit Suisse, Google, Microsoft, NASA and Nasdaq Trust. Today’s investment brings the total […] Continue reading Semmle, startup that makes code searchable, hauls in $21M Series B
OpenEMR vulnerabilities put patients’ info, medical records at risk
A slew of vulnerabilities in OpenEMR allowed attackers to access random patients’ health records, view data from a target database, escalate their privileges on the server, execute system commands, and more. What is OpenEMR? OpenEMR is a free and… Continue reading OpenEMR vulnerabilities put patients’ info, medical records at risk
Secure Code Review
Is there any online resource to learn secure code review from basic to pro? The course should have practical exercises
Cupertino Code Signing, The Next Generation (Maybe It’ll Work)
via Josh Pitts (a staff engineer at OKTA), and writing on the company blog, comes a well crafted explanatory piece on what he has discovered in the third-party-code-signing Apple Inc. (NasdaqGS: AAPL) debacle. So much for the highly touted (by Apple, … Continue reading Cupertino Code Signing, The Next Generation (Maybe It’ll Work)
Is this Python program secure?
Note: I’m new to information security practices so feel free to point out anything I could be doing better.
Situation : I’m currently creating an encryption system for instant messaging and I want to know if what I’m doing i… Continue reading Is this Python program secure?