Supply Chain Security Update: How Secure is Composer?

When it comes to PHP, composer is without discussion, THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported, which shook the PHP community. Fortunately it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: Packagist servers.

Snyk Code support for PHP vulnerability scanning enters beta

Snyk Code support for PHP vulnerability scanning is now available in beta. Now security issues in PHP code can be identified quickly and easily. To get started, log into Snyk or sign up for a free account. Once logged in on the dashboard, click on the Add Project button in the top right corner and connect to a repository you want to scan.

5 ways to prevent PHP code injection

Following on from my previous post on testing for PHP Composer security vulnerabilities, I thought this post might be useful in helping create more secure applications that prevent PHP code injection. As developers, we build apps to help make end users’ lives easier. Be it entertainment, workplace or social network application, the end goal is to protect the users we build for by ensuring we build security into the code.

Testing for PHP Composer security vulnerabilities with Snyk

PHP is used extensively to power websites. From blogging to ecommerce, it’s embedded in our everyday lives and powers much of the internet we use today. According to a Wappalyzer report on top programming languages of 2020, PHP has a 79% market share of backend languages used on the internet today. One of the biggest challenges with PHP libraries over the years has been package management. There have been a few ways to easily install and maintain libraries including PECL, CPAN.

Preventing SQL injections in PHP (and other vulnerabilities)

If you’ve been around web development for a while, you’ve almost certainly heard the term “SQL injection” and some terrifying stories about it. PHP, like many other languages, is not immune to this type of threat, which can be very dangerous indeed. But, luckily, protecting your websites from SQL injection and other similar threats is something you can take tangible steps towards.

Is Your Language of Choice a Major Flaw Offender?

In volume 11 of our annual State of Software Security (SOSS) report, we uncovered some valuable nuggets of information about how you, the innovative developers of our world, can craft more secure code. For example, did you know that scanning via API improves the time to remediate 50 percent of security flaws by about 17 days, or that C++ and PHP languages have an alarmingly high number of severe security flaws and need greater attention?

What is the best way to protect my PHP code?

The simple answer is to use a compiled code tool and implement as many security features as possible, but sometimes time can be a factor and other matters take precedence so less time goes into security. If your code is valuable then you really should spend time adding more layers of code protection (obfuscation, script licensing, encryption) and there is one feature in particular which sets ionCube apart from other tools, offers advanced protection for your PHP code and is fairly quick to setup.

Learnings from Sqreen's State of App Sec report: PHP apps are 3x more likely to be exploited

With each passing year, we move more and more aspects of our lives online. The line between the online and the offline is becoming thinner and thinner as time goes by. In this scenario, saying that digital security matters is as true as it is obvious. Getting application security wrong can have dramatic consequences for organizations and individuals. That’s the dilemma of security: it’s both incredibly important to get right and amazingly easy to get wrong. And people do get it wrong.

Top 10 security best practices for PHP

While developing a PHP web application, a web developer should also be concerned with security best practices. An insecure web application gives hackers the chance to steal valuable information, such as user data or credit card information. In addition, a data breach may have a drastic impact on the credibility and future operations of your organization. To strengthen your defense mechanisms, this article lists 10 important security best practices for PHP applications. Let’s get started!