Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PHP

Best practices for building a production-ready Dockerfile for PHP applications

Docker is a containerization platform for bundling your code, dependencies, and runtime environment into self-contained units that run identically in different environments. Dockerizing a PHP application simplifies deployment by packaging the PHP runtime, a web server, and your source code and composer dependencies into a container. Getting started with Docker is easy. However, there are a few pitfalls you need to avoid before you can safely use it in production.

How to Dockerize a PHP application securely

Let’s say you’ve built a PHP application, but you want to separate it from supporting infrastructure in a way that keeps things lightweight, portable, and still quite secure. You’d like other developers to be able to work on it without having to recreate whole environments. In short, what you want to do with your application is containerize it — package it and its dependencies into containers that can be easily shared across environments.

NEW Release - ionCube Encoder 13 with PHP 8.2 support

29th August Update: We would like to thank everyone for their patience while we finalised the last steps of this release and are pleased to announce that ionCube Encoder 13 is now available. You can upgrade existing version 11/12 licenses to version 13 or purchase new directly at ioncube.com. ionCube Encoder 13 supports PHP 8.2 encoding where it is possibly to run encoded files on PHP 8.2 with the latest v13.0.1 Loader or later. —

NEW ionCube Encoder 12 Release with PHP 8.1 support

ionCube Encoder 12 has finally been released and supports PHP 8.1 syntax encoding! ionCube now has full support for PHP 8.1 so that you can secure your code to run with the latest version of PHP. ionCube Encoder has some pretty robust features when it comes to PHP code protection and adapting those features to new major versions of PHP can take quite some time to develop!

Securing PHP containers

According to Wappalyzer, PHP powers over twelve million websites. Not bad for a 28-year-old language! Despite its age, PHP has kept up with modern development practices. With support for type declarations and excellent frameworks like Laravel and Symfony, PHP is still a great way to develop web apps. PHP works well in containerized environments. With an official image available on Docker Hub, developers know they can access well-tested PHP container images to build on.

5 tips for securing PHP Laravel

Developer-centric Laravel is often described as “the PHP framework for web artisans.” It’s one of the most used frameworks within the PHP ecosystem, with an extensive community and a wide array of sub-branches dedicated to application development of all kinds. With version 1.0 launched in 2011, Laravel currently powers the websites of global companies like 9GAG, BBC, and Pfizer.

dompdf security alert: RCE vulnerability found in popular PHP PDF library

Recently, researchers from Positive Security published findings identifying a major remote code execution (RCE) vulnerability in dompdf, a popular PDF generation library. In their reporting, they outlined a way that code could be loaded into an application and then remotely executed during a PDF being generated. Dompdf is used quite extensively within the PHP ecosystem, and is used within over 59,000 open sourced platforms and projects.