Collaborate Disseminate
I am creating a web app (HTML, CSS, JavaScript, PHP & MySQL) where the users register, and only logged users can create and save personal Notes (encrypted) in a MySQL Server database I have for this.
I don’t like external libraries, et… Continue reading Feedback wanted regarding my functions to Encrypt/Decrypt data using PHP (Openssl) [closed]
I made these scripts to Encrypt/Decrypt data, example: Messages or a simple string and be able to transform the encrypted data to plain text again. At the end, I am going to explain why I think these scripts are safe/secure and please writ… Continue reading My script to Encrypt/Decrypt data using PHP [closed]
I am new to type juggling attacks in PHP, and only just encountered a magic hash exploit in a war game recently.
Could someone explain why the below PHP code evaluates to true?
I understand that the ‘e’ letter for exponent causes PHP to th… Continue reading Type juggling in PHP [migrated]
I am working on the following war game from Defend The Web, which requires me to do a source code review to login as the user memtash. The code is on GitLab here.
Here is my methodology:
Reset the password for user memtash which causes me… Continue reading Crashing the sha1() function in PHP?
Imagine the following situation: you have a third party software which still uses PHP7 despite of the EOL.
The risk there will be further post-EOL vulnerabilities is as I estimated considerably higher that zero.
If it’s not possible to mig… Continue reading Post-EOL security patches for PHP7
I have a python script on a webserver. The user data are stored in a database. The python script receives the user data as parameters, e.g.:
python3 script.py –name "Andy Wright"
In the script.py, I will write the value of the … Continue reading Securing user input used as parameter for python script?
This bundle has nine interactive courses to help you learn a variety of high-demand coding skills faster and easier.
The post Learn how to code with interactive training for only $40 appeared first on TechRepublic.
Continue reading Learn how to code with interactive training for only $40
I would like to apply 2FA in my PHP application
There are a few third-party 2FA libraries that help with this but none of it is PHP native.
Need advice on which one is widely used to implement 2FA and is secure in terms of code so that our… Continue reading 2FA for PHP Application [closed]
We are using JWT (Json Web Token), with HS256 algorithm.
Is it ok to use PHP’s password_hash() functions output for the secret part?
It’s output is a 128 bit random salt with the user’s password hashed together with bcrypt.
(the reason we … Continue reading JWT secret part from php password_hash() (128bit random salt and password hashed together)?
In one of my PHP apps, I have a part where it scrapes the content of random links on the internet using file_get_contents, and then it runs a regex on this content to find all the email addresses in it. Now, these "links" it scra… Continue reading Is running PHP file_get_contents on random user-generated links safe?