
Paragon Initiative:
A Gentle Introduction to Application Security
Aug 17, 2015 @ 10:51:56

The Paragon Initiative blog has posted a gentle introduction to application security for those new to some of the ideas of secure code and wanting to learn more.

If you are a web developer (or are thinking about teaching yourself web programming), you probably don't think of yourself as a security engineer, or a white-hat/blue-team member of an information security assurance team. You might have considered security threats in the context of quality assurance before (e.g. validating input), but perhaps you're no expert on the subject. But the second your code is deployed in production, your code is the front line of defense for that entire system and quite possibly the entire network. Logically, that means the software you produce must be made reasonably secure.

[...] This might seem like a lot of pressure. [...] I'm not going to say you need to become an application security expert. That very notion betrays the (largely untapped) potential for rich diversity in the technology communities. But I will say this: Application Security is Every Developer's Responsibility

The post reminds developers that there are far more than just 10 types of vulnerabilities (or even 25) and proposes a new model for thinking about security weaknesses in your applications. It outlines five categories for assessing the security of your apps, rather than a list of common vulnerabilities to fix:

  • Failure to Separate Data from Instructions
  • Unsound Application Logic
  • Your Application's Operating Environment
  • Cryptographic Weaknesses

The fifth is a catch-all "miscellaneous" category for weaknesses that either cross the boundaries of the other categories or each stand in a category of their own. He suggests that, to move toward a "more secure tomorrow", we evaluate our applications along these criteria.

tagged: gentle introduction security application paragon initiative taxonomy

Link: https://paragonie.com/blog/2015/08/gentle-introduction-application-security

Symfony Blog:
New symfony book: "A Gentle Introduction to symfony 1.4"
May 26, 2010 @ 14:13:21

On the Symfony blog there's a recent post about a new book from the Sensio Labs group that aims to help you ease into using Symfony: A Gentle Introduction to symfony 1.4.

People keep asking me about when we will publish the "definitive guide" book for symfony 1.4. We already have quite extensive documentation on symfony, but the definitive guide has a different way to teach you symfony that is best suited for some people. So, in the last few months, I have updated it to match the current version of symfony.

This new book includes a few things that some of the others don't, such as time spent describing the philosophy of the framework and a chapter for each feature of the framework (so that finding the documentation you're looking for is easier). You can get the book in print from Amazon or you can read it online for free.

tagged: book release symfony gentle introduction

Link: