BLACKBELT

Development Lithium PHP Security

Lithium CSRF Protection

CSRF attacks are among the most common security threats that affect web applications. The details of how CSRF attacks work have been covered extensively around the web. If you want to learn more, I strongly recommend reading Chris Shiflett’s popular…

MySQL PHP Security

Escaping MySQL ‘LIKE’ Queries in PHP

Unlike most common MySQL escaping scenarios in PHP, one needs to take extra precautionary measures when implementing a LIKE query. LIKE queries contain special qualifiers for term matching, % and _, which the user could maliciously include in their search…

Development PHP Security

Secure PHP Authentication Revisited

A while back I had posted on the topic of Securing PHP User Authentication, Login, and Sessions. While the majority of methods for increasing obscurity remain true, the hashing algorithms used have become increasingly insecure. If you have not done so,…

Facebook Security

“Likejacking” Term Catches On

Back in late April, following Facebook’s f8 conference, a few articles began trickling out regarding possible security concerns with the new “Like” button. I had, at that time, unknowingly positioned myself as the potential originator of the term “likejacking.” In…