Here we discuss the big security problem on the internet. Am I right if I say it's impossible to be "totally secure"? It depends on your context, your position, or the program or application you are developing. But what I want to try to summarize in this post are the main focal points in this matter, the most d... [...]
A vulnerability in these popular libraries has been discovered. This video demonstrates how to execute arbitrary code in a vulnerable PHP application that is using Swiftmailer, PHPMailer or ZendMail. The attacker uses a Python exploit script to gather information about the victim and perform the execution of arbitra... [...]
XSS is one of the most common security issues we have to worry about. It can be simple to prevent, but sometimes it's not. We must pay attention not only to our PHP code but also to HTML and JavaScript code, without forgetting old browsers. Some malicious users can use old versions of Internet Explorer to explore the DOM and... [...]
It seems that an SQL script is executed when a user makes a new order and even before a new page is rendered. The researcher Jeroen Boersma discovered the SQL malware and Willem de Groot was the first to analyze it. Resources: Willem de Groot blog post, De Groot malware scanner, A guide to clean a hacked Magento... [...]
Kali Linux 2 came out in August 2015. I removed my Ubuntu installation after an ugly kernel panic caused by the "ACPI probe failed" error (I've not solved this problem with my PC!). I can tell Kali is really amazing: you will have all the tools for security, penetration testing and even web development like PHP, MySQL, Git, Java,... [...]
Using a web debugger or proxy can be very useful to analyze the traffic of your website, show the performance of your web pages and try to improve both performance and security. Here we see what we can do. Popular web debuggers: Fiddler, Burp Suite by PortSwigger, Charles web debugger proxy. Improving ... [...]