Safeguard
Tag

php-security

Safeguard articles tagged "php-security" — guides, analysis, and best practices for software supply chain and application security.

20 articles

Open Source Security

Most vulnerable PHP frameworks report

A data-driven look at CVEs across Laravel, Symfony, CodeIgniter, Yii2 & ThinkPHP reveals which PHP frameworks carry the most real-world exploitation risk.

Nov 12, 20258 min read
Open Source Security

Laravel security vulnerability trends

A data-driven look at recurring Laravel vulnerability patterns — debug-mode RCE, APP_KEY leaks, and Composer supply chain risk — and how to defend against them.

Nov 12, 20258 min read
Industry Analysis

Object Injection Vulnerabilities in PHP and Node.js

PHP's unserialize() and Node's insecure deserialization both let attackers forge objects and execute code. Here's how object injection works and how to stop it.

Nov 9, 20257 min read
Industry Analysis

SQL Injection Prevention in PHP with Parameterized Queries

Parameterized queries stop SQL injection in PHP by separating code from data. Here's how PDO and MySQLi prepared statements work, and where they still fail.

Oct 26, 20258 min read
Industry Analysis

Path Traversal Prevention in PHP: Avoiding include() with...

PHP's include() turns a path traversal bug into remote code execution. See how CVE-2015-2213 and CVE-2022-1329 happened, and how to prevent it with allowlists.

Oct 25, 20257 min read
Industry Analysis

XXE Prevention in PHP with libxml_disable_entity_loader

libxml_disable_entity_loader() looked like the fix for XXE in PHP, but PHP 8.0 deprecated it. Here's what it did, why it broke, and what to use now.

Oct 21, 20256 min read
Industry Analysis

Secure Random Number Generation in PHP with random_bytes

PHP's mt_rand() has a 32-bit seed space attackers can crack in seconds. Here's why random_bytes() and random_int() replaced it in PHP 7.0, and how weak randomness still causes breaches.

Oct 19, 20257 min read
AppSec

PHP 7.3 to 7.4 Version Vulnerabilities: A Security Changelog

PHP 7.4 vulnerabilities span years of unsupported point releases; here is what changed security-wise across the 7.3 and 7.4 lines and why staying on either branch today is a standing risk.

Mar 19, 20256 min read
php-security (Page 2) — Safeguard Blog