Weighing in usability and security

Last Friday I held a class on finding web vulnerabilities for my colleagues. The presentation was laid out in four segments. The first segment covered why we’ve launched the initiative to find web vulnerabilities in our products. Next out was a PowerPoint presentation on what to look for and general precautions. Next I demoed the scanner tool we’ve chosen and the

Shell Shock Vulnerability

You’ve probably read the news about the Shell Shock vulnerability this morning. Yup – we got a new one on our hands. A problem newly discovered, but one that has existed for 22 years. The CVE-2014-6271 summary states: “GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to

Heartbleed and the way forward

This week the world saw a serious vulnerability manifest itself. Of course we are talking about the infamous Heartbleed vulnerability. By now it should need no further introduction. In the wake of it various recommendations and thoughts are beginning to emerge. I stumbled upon a blog entry yesterday where the author tries to combine Heartbleed with lack

Security layers above framework level

Modern software development can be, IMHO, summarized as the utilization of various frameworks. Gone are the days when we had none and had to reinvent the wheel on a per-project basis. From my humble beginnings in the software industry I have seen various frameworks take a greater and greater hold on my day-to-day programming style. Instead of

Identifying WordPress version

For the last few days I’ve been trying to look into the code base of WordPress. Why? I like to read code – it’s what I do most of the days. Every now and then I pick up new tricks which I incorporate in my code at work. Anyhow – some blog posts ago I

New pages to this blog

After pondering how to further showcase myself I have today decided to add two pages to this blog. Firstly, I’ve added a page where I will give an introduction to various tools I use at work. It won’t be anything fantastic, just a page with a brief explanation of the tools I find valuable.

Use try … catch and setters, please.

Emergency import occurred yesterday. X thousands of millions entries had to find their way into the database. I put on my superman lederhosen and started cranking. Two minutes after starting everything went completely bonkers. The damned import spewed out errors upon errors in the log. “Holy MAC-arel!” I shouted and spat violently on the floor().

CVEdetails.com – vulnerability data source

As web developers we often find ourselves in the awkward situation of reviewing extensions/plugins for our CMS. You know, project managers tend to look into ways to eliminate waste (according to LEAN methodology) by using already existing plugins. That’s perfectly fine – had it not been for the fact that most plugins suck. Sure – they

MAMP WTF: 3 versions of PHP – 2 versions available

I decided to migrate from XAMPP for Mac to MAMP today. The reason why? XAMPP for Mac has PHP 5.3.1 and I was in need of 5.3.1x and 5.4.x – which MAMP offers. XAMPP seems dead for my platform. There hasn’t been an update for quite a long time. Switching over was somewhat easy – but