My Blog
contains PHP, Web and business/entrepreneurial related content. Please join in the conversation!
Tag Archives: security
Finally – PHP has NoIndex on phpinfo output
Security Issue? A big issue with PHP security had been developers creating a phpinfo page and not removing it from a production site. As you may know, phpinfo() will dump a ton of useful information (for the developer … Continue reading
JS Tool – Security Auditing in Javascript
JSTool was a trial run of combining many different scripts from the open source community into a security and auditing script. Features would include history viewing, website status reporting and port scanning. Very little original code – just combinations of … Continue reading
PHP Shared Host – Session File Browser Script
PHP stores its session information into flat files unencrypted by default. In shared hosting situations, this can be a big security issue. This script allows easy access to the attributes of these files as well as decoding of the values … Continue reading
XSS with Img OnError attribute
So much of my time is spent worrying over the src or href tags on images and links – that I sometimes forget about the other attributes. Imagine being able to make an image which has no black-flagged content in … Continue reading
Update your URL filtering: possible XSS from "Data" URL scheme – Firefox
In regards to the Data URL scheme (RFC here), I’ve found an interesting issue with the way Firefox handles it which could lead to some XSS I think. First of all, if you’re not aware of the feature, let … Continue reading
Securing WordPress – what my 'oops' reminded me
I don’t want to admit it – but I messed up. I didn’t patch WordPress – and I was a victim of one of the released WP exploits. “How could you let this happen?” you ask. Well, I was lazy. … Continue reading
Cross Domain AJAX – A quick anatomy of a mashup
So after searching the Internet for some cross domain AJAX stuff, I noticed two interesting articles. The first was the specifics of writing these queries (located here). Then, the next gave a breakdown of how this might be useful in … Continue reading
Write Security Triggers Against SQL Injection
An interesting idea that a colleague told me about was a ‘security trigger’ in any application that has a SQL type storage engine. The trick is to make sure that your admin account is not ID #1 and that your … Continue reading
Demonstrating Password Manager Almost Vulnerability in Firefox
The “security guys” have been talking about the problems with Firefox’s password manager and I got curious. It turns out that JavaScript can access saved passwords in your password manager simply by creating a login form and capturing the input … Continue reading
The anatomy of a phishing attack – advanced technique
So many phishing attempts lately are just purely pathetic – easy to guess and figure out, misspelling and grammar issues and just poorly fashioned websites. Although these will work on the novice web surfer, can a clever criminal actually … Continue reading
