Part of a series on why PHP’s type system is the best in the world. This post explores why web languages need to be dynamically typed: because the internet is made of string.
Part of a series on why PHP’s type system is the best in the world. This post explores a class of bugs frequently seen in other dynamically typed languages, which doesn’t happen in PHP.
When a build server injects a GitHub access token into a container to run a package manager, the token should be deleted straight after it is used. Version control access tokens are often present on production infrastructure, allowing an attacker to clone all repositories in the GitHub org.
PHP Object Instantiation attacks are an appsec issue in PHP applications. They rely on meta-programming used to instantiate classes from user-defined classnames.
Object Injection in PHP. An Object Injection vulnerability is a security issue in PHP applications that use the unserialize() function. In the worst case, it can lead to remote code execution.