Secure Software Development

Hardening Apache

The example below provides some sound configuration parameters for Apache, to help protect your web application. These values can naturally be tweaked for your particular app.

Read
Secure Cookies with Laravel

No. Enabling HTTPS alone is not enough to ensure that your cookies are encrypted, but Laravel offers some very simple ways to achieve that.

Read
Secure your project with the GitLab SAST analyzers

Learn how to secure any project with the GitLab SAST analyzers and easily separate the false positives from the real threats that should be addressed before deploying the project.

Read
Detect unnecessary 'use' statements with PHP CodeSniffer

PHP_CodeSniffer is a great tool for making sure your code is nicely written. Alongside the default rules, you can also install and use additional rules (sniffs) to further improve your code. Here is how to use PHPCS to detect (and remove) all unnecessary 'use' statements in your code.

Read
Force https with HTTP Strict Transport Security (HSTS)

Once you have HTTPS enabled for your website (with Let's Encrypt, for example), you should make sure all your users use the secure version of the site. Typically this is done using a redirect. However, this still leaves a window of opportunity (the initial HTTP connection) for an attacker to downgrade or redirect the request. With a Strict-Transport-Security header, you can force a browser to only connect to your server over HTTPS.

Read
Harden your Laravel app with CSP headers

CSP (Content Security Policy) reduces the risk of cross-site scripting and other content-injection attacks by defining, at the level of the webserver, a header that whitelists authorized sources of content for your website.

Read
OWASP Dependency Check for Java

Besides avoiding bugs and vulnerabilities in your own code base, creating a secure app requires you to make sure that your app doesn't rely on a library that contains vulnerabilities. In any modern project, you will have hundreds of them! Here comes OWASP Dependency-Check to the rescue!

Read
Publish GitLab notifications to Mattermost

Mattermost is a wonderful messaging and collaboration tool for developer teams. It is also a great open source alternative to Slack. In this short blog post we show how to connect Mattermost and GitLab together.

Read
Detect unused composer dependencies

If you are using Composer to manage the dependencies of your PHP project (and you certainly should), it is very easy to end up with a lot of dependencies. And if your project lives long enough, some (or many) of them will no longer be used.

Read
Decompile and modify an Android application

Usually, Android applications are written in Java (or, now, in JavaScript) and compiled into Dalvik bytecode (a DEX file). The bytecode is then interpreted and executed by the Dalvik Virtual Machine.

Read
Static code analysis in PHP (and GitLab)

In the PHP toolbox for testing, you'll often find phpunit for unit testing, PHP_CodeSniffer for code style analysis, and here we present PHPStan for static code analysis.

Read