A curated list of resources for learning about application security.
Maintained by Paragon Initiative Enterprises with contributions from the application security and developer communities.
This README file is dynamically generated from the data/ directory. See src/compiler.php for more information.
Released: February 25, 2014
Advice on cryptographically secure pseudo-random number generators.
Released: August 6, 2014
A post on Crackstation, a project by Defuse Security
Released: May 3, 2014
Mentions many ways to make /dev/urandom fail on Linux/BSD.
Released: September 27, 2011
Great introduction to Web Application Security; though slightly dated.
Learn about application security by attempting to hack this website.
Where hackers and security experts come to train.
Self-assessment quiz for web application security
Showcasing bad cryptography
The top ten most common and critical security vulnerabilities found in web applications.
It's All About Time (2014)
Released: November 28, 2014
A gentle introduction to timing attacks in PHP applications
Released: April 21, 2015
Discusses password policies, password storage, "remember me" cookies, and account recovery.
Symmetric-key encryption library for PHP applications. (Recommended over rolling your own!)
If you're using PHP 5.3.7+ or 5.4, use this to hash passwords
Useful for generating random strings or numbers
The blog of our technology and security consulting firm based in Orlando, FL
A blog about PHP, Security, Performance and general web application development.
A weekly newsletter about PHP, security, and the community.