In today’s world, a secure authentication mechanism for web sites is an absolute necessity. Hackers and script kiddies love to hijack accounts in any way possible. While it’s impossible to completely prevent a man-in-the-middle attack, utilizing SCRAM will certainly make it exponentially more difficult. For a site that isn’t running e-commerce,
Continue reading SCRAM: a new protocol for password authentication
Category: Security
phpseclib: PHP Secure Communications Library
The PHP Secure Communications Library contains LGPL-licensed pure-PHP implementations of arbitrary-precision integers, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, SSH-1, SSH-2, and SFTP. Although many of the features this library implements are implemented in PHP via optional extensions, what are you, as a developer, going to do when a user tries to
Crypto-JS: JavaScript cryptographic algorithms
Crypto-JS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface. Additionally, it offers some helper functions that are often required when working with hashes and cryptography on the web, like fast Base64 and UTF8 encoding
PHP: SQL injection
SQL injection or SQLi is a code injection technique that exploits a security vulnerability. An injection occurs at the database level of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly
Remove rootkits
Rootkits find the processes that are in place to prevent illicit entry into your system. They then modify these processes to give attackers a remote pathway by which they can open a secret backdoor. Once this happens, attackers can use rootkits to secretly alter files, change processes, distribute spam, and use data mining tools to