Alle Einträge mit dem Tag "security"

Portable PHP password hashing ("password encryption") framework

This is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with at least PHP 3.0.18 through 5.3.0 so far.

XSS (Cross Site Scripting) Prevention Cheat Sheet

Inspekt – An Input Filtering and Validation Library for PHP

Inspekt is a PHP library that makes it easier to write secure web applications<br />
<br />
Inspekt acts as a firewall API between user input and the rest of the application. It takes PHP superglobal arrays, encapsulates their data in an "cage" object, and destroys the original superglobal. Data can then be retrieved from the input data object using a variety of accessor methods that apply filtering, or the data can be checked against validation methods. Raw data can only be accessed via a 'getRaw()' method, forcing the developer to show clear intent.<br />
<br />
Inspekt can also be used on arbitrary arrays, and provides static filtering and validation methods.<br />
<br />
Inspekt works in PHP5, and has no external dependencies.

heise Security – 14.01.10 – SSL für lau

Der eigene Webserver mit einem SSL-Zertifikat, das von einer zugelassenen Certificate Authority ausgestellt wurde und somit im Browser auch keine Warnmeldung verursacht, das böte schon seine Vorteile. Doch allein die Preise für ein Zertifikat von Verisign&Co lassen solche Gedankenspiele meist schnell wieder enden. Der israelische Anbieter StartSSL bietet jedoch kostenlose SSL-Serverzertifikate an, die immerhin ein Jahr gültig sind.

Category:OWASP Enterprise Security API – OWASP

OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Our motto is NO GUTS NO GLORY!

Glastopf Web Interface v1.6

It helps us to distinguish RFI attacks targeting different hosts. And it provides a basic protection for your Website against RFI attacks.
Potentially harmful traffic is diverted to a special honeypot system.
Results from the analysis will be reported to the hosting company from which the attack where originated.