Secure Software Development

Unit testing C code

C Secure Software Development

Writing unit tests is considered a good development habit for numerous reasons. Indeed, unit tests guarantee that the code works as expected, and they prevent developers from accidentally breaking things. Finally, they allow to see how the program is improving with each new commit, and they can be used as documentation to show how the program should be used by others. In this blog post, we show a simple way to implement unit tests when you are writing C code.

Read
Hardening Apache

Secure Software Development

The example below provides some sound configuration parameters for Apache, to help protect your web application. These values can naturally be tweaked for your particular app.

Read
Secure Cookies with Laravel

Secure Software Development Laravel PHP

No. Setting HTTPS is not enough to ensure that your cookies are encrypted. But Laravel proposes some very simple ways to achieve that.

Read
Secure your project with the GitLab SAST analyzers

Secure Software Development GitLab PHP Cyber-Wise

Learn how to secure any project with the GitLab SAST analyzers and easily separate the false positives from the real threats that should be addressed before deploying the project.

Read
Detect unnecessary 'use' statements with PHP CodeSniffer

PHP Secure Software Development

PHP Code Sniffer is a great tool to make sure your code is nicely written. Next to the default rules, you can also install and use additional rules (sniffs) to further enhance your code. Is here how to use PHPCS to detect (and remove) all unnecessary 'use' statements in your code.

Read
Force https with HTTP Strict Transport Security (HSTS)

Secure Software Development

Once you have https enabled for your website (with Letsencrypt for example), you should make sure all your users use the secure version of the site. Typically this done using a redirect. However this still leaves a window of opportunity (the initial HTTP connection) for an attacker to downgrade or redirect the request. With a Strict Transport Security header, you can force a browser to only connect to your server using HTTPS.

Read
Harden your Laravel app with CSP headers

Laravel Secure Software Development Docker Cyber-Wise

CSP (Content Security Policy) reduces the risk of cross-site scripting and other content-injection attacks by defining, at the level of the webserver, a header that whitelists authorized sources of content for your website.

Read
OWASP Dependency Check for Java

Secure Software Development Java

Besides avoiding bug and vulnerabilities in your own code base, creating a secure app requires you make sure that your app doesn't rely on a library that contains vulnerabilities. In any modern project, you will have hundreds of them! Here comes OWASP dependency check to the rescue!

Read
Publish GitLab notifications to Mattermost

Secure Software Development GitLab

Mattermost is a wonderful messaging and collaboration tool for developer teams. It is also a great open source alternative to Slack. In this short blog post we show how to connect Mattermost and GitLab together.

Read
Detect unused composer dependencies

PHP Secure Software Development

If you are using composer to manage the dependencies of your PHP project (and you certainly should), it is very easy to end up using a lot of dependencies. And if your project lives long enough, some (or lots of them) will not be used anymore.

Read
Decompile and modify an Android application

Mobile Device Security Secure Software Development

Usually, Android applications are written in Java (or, now, in Javascript) and compiled in a Dalvik bytecode (DEX file). Then, the bytecode is interpreted and executed by the Dalvik Virtual Machine.

Read
Static code analysis in PHP (and GitLab)

PHP GitLab Secure Software Development

In the PHP toolbox for testing, you'll often find phpunit for unit testing, PHP_CodeSniffer for code style analysis, and here we present PHPStan for static code analysis.

Read