Posts

Zend PHP 7 Certification – Security – Input Filtering

This post covers the Input Filtering section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
Validating user input within any programming language is a fundamental security feature that prevents applications from being vulnerable to attacks such as SQL and remote code injection.
‘Invalid Encoding’ attacks can be caused by an ...

Zend PHP 7 Certification – Security – Email Injection

This post covers the Email Injection section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
PHP contains functions and classes that assist with sending mail, and as a result, some security measures should be taken to prevent injection of spam-related content into the email.
When sending an email using the ...

Zend PHP 7 Certification – Security – Remote Code Injection

This post covers the Remote Code Injection section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
Remote code injection, also known as a remote file inclusion attack, runs malicious code created by an attacker on a given server. This is often done by exploiting the functionality of PHP’s include() and require() ...

Add Console Commands in Magento 2

Magento comes with a predefined list of Symfony-based CLI commands that perform specific actions, such as deploying static content or clearing the cache. A developer can add console commands in Magento 2 by adding a module and configuring the command.
By adding the usual registration.php and etc/module.xml files within your module’s ...

Zend PHP 7 Certification – Security – SQL Injection

This post covers the SQL Injection section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
SQL Injection is a type of attack where an attacker creates or alters existing SQL commands to expose or override data, or to execute dangerous commands against the host. It can be as simple as adding malicious ...

Zend PHP 7 Certification – Security – Cross-Site Request Forgery

This post covers the Cross-Site Request Forgery section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
Cross-Site Request Forgery (CSRF) is a type of attack that causes a malicious action to be performed on a website from the browser of a user who has a valid session.
The attack happens when fake forms or ...

Zend PHP 7 Certification – Security – Cross-Site Scripting

This post covers the Cross-Site Scripting section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
Cross-Site Scripting (XSS) is one of the most common forms of security attack on the Internet.
The attack focuses on injecting code which is made possible by incorrectly validating user data, which ...

Zend PHP 7 Certification – Security – Session Security

This post covers the Session Security section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
Additional measures should be taken by a developer to protect against session identity theft and preserve the confidentiality of a session.
There are lots of ways that a session ID can be leaked to third ...

Zend PHP 7 Certification – Security – Configuration

This post covers the Configuration section of the PHP Security chapter when studying for the Zend PHP 7 Certification.
Incorrect PHP configuration on a production web server can cause a website to have security flaws that may be exposed to hackers.
Some steps involved in securing your PHP application involve making small changes to the ...

Zend PHP 7 Certification – Basics – Performance

This post covers the Performance section of the PHP Basics chapter when studying for the Zend PHP 7 Certification.
There are two major areas in which performance is affected in PHP. The first area is reduced memory usage, and the second area is run-time delay when the garbage collection mechanism performs its memory cleanups.
Reduced ...