Security Tips
Security Tip: Safely Updating Dependencies
[Tip #131] Updating packages used to be a no-brainer, but now you need to be careful. Updates may be malicious. But not updating leaves vulns unpatched. So what do you do??? 🤷
In Depth
[In Depth #40] We trust version numbers to mean a specific, fixed release, but they're really just labels pointing at a commit, and an attacker can quietly move them. Let's dig into tag hijacking, the attack behind tj-actions and Laravel-Lang.
Security Tips
[Tip #124] I know I say this all the time (especially on stage!), but apparently not everyone heard me, so here we go again...
Security Tips
[Tip #117] It's easy to say "Update <package> if it's installed!", but how do you actually know if a package is installed, since it may not appear in composer.json?! Also, how did it even get there??!! 🤨
Security Tips
[Tip #71] We talk a lot about keeping our app dependencies updated, but we can't forget that our tools like Composer need updates too!
Security Tips
[Tip #45] The more dependencies your project has, the higher your risk of a supply-chain attack is, and the less you're aware of what code is actually running...
OWASP Top 10
It's a three-in-one for the third-last entry in our OWASP Top 10 series!
Security Tips
Keep your stuff updated!!
Security Tips
[Tip #28] Composer 🥰
Security Tips
[Tip #18] Dependencies are security risks, especially if you have a lot of them or don't keep them updated...