Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Paragon Initiative:
A Gentle Introduction to Application Security
Aug 17, 2015 @ 10:51:56

The Paragon Initiative blog has posted a gentle introduction to application security for those new to some of the ideas of secure code and wanting to learn more.

If you are a web developer (or are thinking about teaching yourself web programming), you probably don't think of yourself as a security engineer, or a white-hat/blue-team member of an information security assurance team. You might have considered security threats in the context of quality assurance before (e.g. validating input), but perhaps you're no expert on the subject. But the second your code is deployed in production, your code is the front line of defense for that entire system and quite possibly the entire network. Logically, that means the software you produce must be made reasonably secure.

[...] This might seem like a lot of pressure. [...] I'm not going to say you need to become an application security expert. That very notion betrays the (largely untapped) potential for rich diversity in the technology communities. But I will say this: Application Security is Every Developer's Responsibility

They remind developers that there's a lot more than just 10 types of vulnerabilities (or even 25) and proposes a new model for thinking of security weaknesses in your applications. He outlines five points for assessing the security of your apps, not just common vulnerabilities to fix:

  • Failure to Separate Data from Instructions
  • Unsound Application Logic
  • Your Application's Operating Environment
  • Cryptographic Weaknesses

The fifth is a catch-all "miscellaneous" category that would contain things that are either crossing the boundaries of the other categories or are just each in their own category. He suggests we move on to a "more secure tomorrow", evaluate our applications along these criteria.

tagged: gentle introduction security application paragon initiative taxonomy

Link: https://paragonie.com/blog/2015/08/gentle-introduction-application-security

Introducing WordPress 3 Custom Taxonomies
May 12, 2010 @ 10:42:16

On NETTUTS.com there's a new tutorial that talks about a feature of the upcoming WordPress release (3.0) - taxonomies - and how to create custom ones for your installation.

WordPress 3 fills in a number of important gaps towards being a serious content management system. The easy-to-use custom taxonomies function gives site designers some powerful tools for building a good information architecture. Learn what taxonomies are, why they’re useful, and how to use them in today’s tutorial!

Taxonomies are ways to classify things and can be considered attributes about an object. In the case of WordPress, the only taxonomy that's been available has been the "Category" selection for each post. With this new functionality, it gives you even greater control over the classification of your posts/content. The tutorial shows you how to create simple, nested and hierarchical custom taxonomies and how to use them in your application's code.

tagged: wordpresss custom taxonomy tutorial