PHP’s Type System, part II: The Internet is Made of String
Part of a series on why PHP’s type system is the best in the world. This post explores why web languages need to be dynamically typed: because the internet is made of string.
PHP’s Type System, part I: Dynamic Typing Causes Bugs
Part of a series on why PHP’s type system is the best in the world. This post explores a class of bugs frequently seen in other dynamically typed languages, which doesn’t happen in PHP.
Exploiting Git Access in Docker Containers
When a build server injects a Github access token into a container to run a package manager, this should be deleted straight after it is used. Version control access tokens are often present on production infrastructure, allowing an attacker to clone all repositories in the Github org.
PHP Object Instantiation Attacks
PHP Object Instantiation attacks are an appsec issue in PHP applications. They rely on meta-programming used to instantiate classes from user-defined classnames.
PHP Object Injection
Object Injection in PHP. Object Injection vulnerability is security issue with PHP applications using the unserialize() function. In the worst case, it can lead to remote code execution.
