PHP

SQL injection with SQLMap

Code injection is one of the most critical web application vulnerabilities. The consequences of code injection can be dramatic (impact). Moreover, many web applications are still vulnerable to code injection today (frequency). Finally, tools like SQLMap can automatically detect and exploit these vulnerabilities (exploitation). For these reasons, the vulnerability is listed in the top 10 published by the Open Web Application Security Project (OWASP) [1]. In this blog post, we present one type of code injection, called SQL injection, and show how to perform a SQL injection attack with SQLMap.

Read
Filter USB devices with udev (and some PHP code)

USB devices can be a liability: they can be used to exfiltrate data from a computer or server, to plug in a hardware keylogger, or to plant malware. Hence, on a managed computer, USB devices should be filtered and whitelisted. In this blog post we show how this can be achieved with udev and some PHP code.

Read
Install and use different versions of PHP

When working on different projects, you may have to switch between different versions of PHP. In this blog post we show how to install and use different versions of PHP on Ubuntu.

Read
Laravel action/access control with policies

When developing a web application with Laravel, you will usually have to deal with different users who have different permissions. If the application is quite simple, with only 2 types of users (administrators that are almighty and regular users that have no permission), you can use a middleware to protect your administrator's area. In this blog post we look at Laravel policies, which allow fine-grained control of user actions.

Read
Secure Cookies with Laravel

No. Setting up HTTPS is not enough to ensure that your cookies are encrypted. But Laravel offers some very simple ways to achieve that.

Read
Secure your project with the GitLab SAST analyzers

Learn how to secure any project with the GitLab SAST analyzers and easily separate the false positives from the real threats that should be addressed before deploying the project.

Read
Laravel database transactions & mysqldump

Did you know that mysqldump can create inconsistent backups if you do not use database transactions in Laravel? Let's discover that issue and address it in order to avoid it. After setting up and running a Laravel project locally to serve as a demo for that specific issue, we will see why transactions are necessary and how to implement them. We'll also discover many more tips while trying to understand what happens under the MySQL hood.

Read
Detect unnecessary 'use' statements with PHP CodeSniffer

PHP Code Sniffer is a great tool to make sure your code is nicely written. In addition to the default rules, you can also install and use additional rules (sniffs) to further enhance your code. Here is how to use PHPCS to detect (and remove) all unnecessary 'use' statements in your code.

Read
Testing with Selenium and PHPUnit

In this blog post we continue our series about testing a web application with Selenium. This time we will show how to integrate Selenium with PHPUnit tests and assertions.

Read
Laravel Custom Logging

Most programs need a robust and efficient logging mechanism. This is of course also the case for a web interface. It is important to be able to track potential bugs or issues.

Read
Implementing email verification in Laravel

Have you ever wanted to ensure your users use email addresses they actually possess? Here is a quick way to achieve it. This tutorial assumes that you already have:

Read
Automated web application testing with PHP, Selenium and GitLab

The easiest way to test that a web application is working correctly is to use a browser and manually go through the pages. If one wants to automate the testing process, there are conceptually two possible approaches: 1) using raw HTTP requests to simulate a browser or 2) using some library and code to drive an actual browser.

Read