1 views collected around this technical thread.
This article examines essential security measures for PHP applications, covering protection against SQL injection, XSS, CSRF, unsafe file uploads, session fixation, weak passwords, error disclosure, and the importance of HTTPS, with practical code examples and configuration tips to build more resilient web services.
This article explains how to securely hash passwords in PHP using the password_hash function, covering the concept of hashing, code examples for creating and verifying hashes, automatic salting, and best practices for protecting user credentials.
This article explains how Laravel’s built‑in features—such as Eloquent ORM, CSRF tokens, Blade auto‑escaping, the Hash facade, and the Encrypter service—help developers protect web applications against SQL injection, CSRF, XSS, insecure password storage, and data exposure.
This article explains why PHP security is critical and outlines five common PHP vulnerabilities—SQL injection, XSS, CSRF, remote code execution, and file inclusion—along with comprehensive best‑practice recommendations such as input validation, secure password storage, session management, error handling, and continuous learning.
This article explains why servers cannot know your original password, covering the principles of password hashing, the difference between cryptographic and non‑cryptographic hash functions, the role of salts, and a Java example using SHA‑256 with salt to securely store passwords.
This article explains three common PHP password encryption techniques—md5, password_hash, and crypt—providing detailed code examples and guidance on securely storing user passwords during registration and login processes.
The article explains why MD5 and simple salted hashes are insecure for password storage, distinguishes between cryptographic and non‑cryptographic hash functions, introduces slow key‑derivation algorithms such as Bcrypt, Scrypt and Argon2, and recommends using strong KDFs with unique salts in modern applications.
This article explains three common PHP password encryption techniques—md5, password_hash (using BCrypt), and crypt—detailing their security considerations and providing complete code examples for user registration and login verification.
This article explains essential PHP techniques—including HTTPS, password hashing, prepared statements, encryption algorithms, and captchas—along with practical code examples to help developers protect sensitive data from attacks and leaks.
This article explains what brute‑force attacks are, why they threaten PHP applications, and presents three practical defenses—two‑factor authentication, enforced password policies, and brute‑force mitigation techniques—along with complete PHP code examples for each method.
This article explains the differences between hashing and encryption, demonstrates Java's built‑in hash implementations, discusses the insecurity of MD5 and rainbow‑table attacks, and provides a detailed guide on using BCrypt with Spring Security, including code examples and the PasswordEncoder interface.
Argon2, the 2015 PHC champion, is a memory‑hard password‑hashing function that leverages large memory usage and configurable parameters to thwart GPU, FPGA, and ASIC attacks, offering three variants (d, i, id) and detailed security, performance, and implementation analysis.
The article presents complete, licensed implementations of salted PBKDF2‑SHA1 password hashing for both ASP.NET (C#) and Ruby on Rails, detailing the source code, usage methods, and verification procedures to securely store and validate passwords.
This article explains why simple password hashing is insufficient, describes common attacks such as dictionary, brute‑force, lookup‑table and rainbow‑table attacks, and provides best‑practice guidance—including random salts, CSPRNGs, key‑stretching algorithms like PBKDF2, bcrypt and scrypt—and complete PHP reference implementations.
This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.
The article explains that general‑purpose hash functions like MD5 and SHA families are fast and vulnerable to brute‑force attacks, while bcrypt’s deliberately slow, work‑factor‑adjustable design makes it a far more secure choice for storing passwords.