Exakat 1.7.7 Review Exakat 1.7.7 brings two new analyses: implode() with one argument, and a sneaky security vulnerability. It is the infamous check with integers. Show me the Exakat 1.7.7 review now! Implode() with one argument Implode() is a PHP native function, which has been around since the last millennium. I am pretty certain […]
Exakat 1.6.6 Review Exakat 1.6.6 was born in Miami, during Sunshine PHP 19. The conference is incredibly energetic, and with the help of fellow attendees, it provided inspiration for some interesting updates: PHP supports strings with logical operators (good for security); Exakat reviews typehints and checks whether they are sufficient in the method […]
Exakat 1.5.5 Review Exakat 1.5.5 is the Sinterklaas version: it brings a lot of speed, reports and analysis on its boat, from Spain. Seriously, Exakat 1.5.5 now reports your HTTP headers for unsafe configuration; it also suggests speed-up tricks for fputcsv(), and it recommends using the file() function instead of file_get_contents(). Then, Exakat […]
The Land Where PHP Uses eval() It is 2018, and the PHP world uses eval() in more than 28% of every PHP code source. It is repeatedly reported as a security issue, a performance bottleneck, and a memory hazard. Yet, we can’t get rid of it. It seems reasonable to think that most of eval […]
How to automate code review for the OWASP Top 10? The OWASP Top 10 needs no introduction: the Open Web Application Security Project is a non-profit organization that works for the security of applications. The OWASP Top 10 lists the security risks of applications. It was designed to […]
Exakat 0.12.15 review Exakat 0.12.15 is the second October release. Exakat has three new analyses: one targets security with uploaded files, another unanchored regex, and the last is about variables that may hold different types. Also, every audit now sports a name, for easier differentiation: after a while, multiple audits may look the same. Now, […]