Phpsecaudit - Spike Developer Zone

Black Duck plans to integrate the SpikeSource products and services into its offerings. The SpikeForge open source projects are being migrated to other forges, and we're encouraging members of the Developer Zone to join developers on Black Duck's open source project directory and community. As mentioned on the Developer Zone homepage, we will be discontinuing the SpikeSource website and the Developer Zone starting January 9, 2011. If you are looking for another SpikeForge project, please contact us at Read the full announcement.

SecCom Labs » Exploit-Me
Exploit-Me is a suite of tools and applications designed to help with application security testing. The Exploit-Me Firefox plugin series was originally introduced at the SecTor conference in Toronto. The slides for the presentation are available for download.

PHPLint
Current version: 2.0_20140331
PHPLint is a validator and documentator for PHP 4 and PHP 5 programs. PHPLint extends the PHP language through transparent meta-code that can drive the parser to an even stricter check of the source. PHPLint is not simply a checker: it implements a new, strongly typed language built on top of the PHP language. You can build your programs from scratch with PHPLint in mind, you can check and fix existing programs, or you can follow the quick-and-dirty PHP programming way and add the PHPLint meta-code later once the program is finished.

How to move MySQL datadir to another drive
Does your MySQL database take up a huge amount of space while your current drive is almost full? One of the available options is to move the MySQL database to another drive with minimal downtime; here is how. On some machines this can also increase MySQL performance, especially on a machine with a fast drive such as a Raptor or SCSI drive. I'm assuming:
- the second drive is mounted as "/home2"
- the current MySQL datadir is "/var/lib/mysql"

Testing Replication Over the Pond – Part 2 Secure - Everything MySQL
Testing Secure Replication
For the first test I used encrypted (SSL) replication and inserted 200,000 records using three 10 minute disconnection intervals per hour. After several hundred thousand inserts, deletes and updates on the SOA and RR tables simultaneously over a normally connected SSL replication channel I have the following results:

RATS - Rough Auditing Tool for Security
Welcome to RATS - Rough Auditing Tool for Security. RATS is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. The RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, describes each problem, and potentially suggests remedies. It also provides a relative assessment of the potential severity of each problem, to help an auditor prioritize.

Track your dependencies with PHP_Depend - Manuel Pichler
To provide flexible and extensible software, it is good OO practice to reduce the dependencies between implementing classes. This can be achieved by developing against abstractions, meaning both abstract classes and interfaces. By using abstractions instead of concrete implementations in the application you provide a sort of contract that others can use to hook into the application with their own classes that fulfill the contract.

Moving the MySQL's datadir directory. - lunatechian (lunatech-ia
By default, MySQL's datadir is placed in the /var/lib/mysql directory. However, if you are planning on using MySQL tables to store a lot of data and your /var partition is small, it might cause you problems at a later stage. In such a scenario, it is better to move MySQL's datadir to another partition (like /home). The steps are

Testing Replication Over the Pond - Part 1 Non-Secure - Everything MySQL
Testing Non-Secure Replication
A series of experiments were conducted to determine whether MySQL replication would prove to be reliable with SSL enabled. Please note that all tests were conducted using the MyDNS schema, which includes the SOA and RR tables, on MySQL 5.1. The first experiment set focused on replication operations and not on a predetermined set of Insert, Update or Delete patterns. Inserts were used since they are the easiest to tag and verify. Again, the focus is on replication channel fault recovery.

Yasca
Yasca is a source code analysis tool that I started writing in 2007. It could best be described as a "glorified grep script" plus an aggregator of other open-source tools. Yasca can scan source code written in Java, C/C++, HTML, JavaScript, ASP, ColdFusion, PHP, COBOL, .NET, and other languages. Yasca can integrate easily with other tools, including: FindBugs, PMD, JLint, JavaScript Lint, PHPLint, CppCheck, ClamAV, RATS, Pixy. Yasca is designed to be very flexible and easy to extend.

Best FireFox Addons to Analyze Page Load Time
Keeping track of your site's page load time is essential because it affects both the user experience and the crawl rate. This post lists the 3 most useful FireFox addons that will help you analyze web page load time as you browse:
YSlow
YSlow is the official Yahoo!

Top 20+ MySQL Best Practices
Database operations often tend to be the main bottleneck for most web applications today. It's not only the DBAs (database administrators) that have to worry about these performance issues. We as programmers need to do our part by structuring tables properly, writing optimized queries and better code. In this article, I'll list some MySQL optimization techniques for programmers.

Questions about JUnit
Can You Write a JUnit Test Case Class in 2 Minutes?
JUnit Questions and Answers (Continued from previous question...)
Can You Write a JUnit Test Case Class in 2 Minutes?