Fabien Potencier:
Don't use PHP libraries with known security issues
February 20, 2013 @ 10:54:20

In his latest post, Fabien Potencier introduces a new effort to help PHP developers who manage their dependencies with Composer find potential security issues automatically: the security.sensiolabs.com site.

I want to provide a simple and efficient way to check for vulnerabilities in a project and I want to serve more than just the Symfony community. That's why I'm really proud to announce a new SensioLabs initiative: a simple way to check if your project depends on third-party libraries with known security issues. The website explains how it works in detail (https://security.sensiolabs.org/), but basically, this initiative gives you several ways to check for security issues in your project dependencies based on the information contained in your composer.lock file (you are using Composer to manage your dependencies, right?).

Composer users can upload their "composer.lock" file, and the system will evaluate it against the vulnerabilities it knows about and report any issues it finds. The current database is hosted on GitHub, and anyone can add to it with a pull request. Additionally, you can install the command-line version if you want to run the checks locally.
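A minimal sketch of the lock-file check described above, as an added example (not code from the SensioLabs checker or from the original post). The package names, advisory entries and the advisory array layout are constructed for illustration; it assumes only that composer.lock lists pinned packages under "packages" and "packages-dev".

```php
<?php
// Added illustration; the lock file and advisory entries are constructed
// samples and the advisory layout is an assumption, not the real schema.

/** Return [name => version] for every package pinned in composer.lock. */
function lockedPackages(string $lockJson): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    // Runtime and dev dependencies are kept in separate arrays.
    $all = array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []);
    return array_column($all, 'version', 'name');
}

/** True when $version satisfies all constraints, e.g. [">=2.0.0", "<2.0.5"]. */
function inRange(string $version, array $constraints): bool
{
    $version = ltrim($version, 'vV');                 // tags are often "v2.0.3"
    foreach ($constraints as $c) {
        if (!preg_match('/^(>=|<=|>|<|==)\s*(\S+)$/', $c, $m)) {
            // Fail loudly: silently skipping a constraint could hide a finding.
            throw new InvalidArgumentException("bad constraint: $c");
        }
        if (!version_compare($version, $m[2], $m[1])) {
            return false;
        }
    }
    return true;
}

/** Match pinned packages against advisories; dev branches cannot be compared. */
function audit(string $lockJson, array $advisories): array
{
    $report = ['vulnerable' => [], 'unchecked' => []];
    foreach (lockedPackages($lockJson) as $name => $version) {
        foreach ($advisories[$name] ?? [] as $adv) {
            if (strncmp($version, 'dev-', 4) === 0) {
                $report['unchecked'][] = "$name $version: {$adv['title']}";
            } elseif (inRange($version, $adv['versions'])) {
                $report['vulnerable'][] = "$name $version: {$adv['title']}";
            }
        }
    }
    return $report;
}

$lock = '{"packages":[{"name":"acme/http","version":"v2.0.3"},{"name":"acme/log","version":"1.4.0"}],"packages-dev":[{"name":"acme/testkit","version":"dev-master"}]}';
$advisories = [
    'acme/http'    => [['title' => 'Sample header injection', 'versions' => ['>=2.0.0', '<2.0.5']]],
    'acme/testkit' => [['title' => 'Sample unsafe unserialize', 'versions' => ['<1.2.0']]],
];
print_r(audit($lock, $advisories));
```

Packages pinned to a dev branch are listed under "unchecked" rather than treated as clean, since a branch name cannot be compared against a version range.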


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework