Snyk Code support for PHP vulnerability scanning is now available in beta. Now security issues in PHP code can be identified quickly and easily. To get started, log into Snyk or sign up for a free account. Once logged in on the dashboard, click on the Add Project button in the top right corner and connect to a repository you want to scan.
Following on from my previous post on testing for PHP Composer security vulnerabilities, I thought this post might be useful in helping create more secure applications that prevent PHP code injection. As developers, we build apps to help make end users’ lives easier. Be it entertainment, workplace or social network application, the end goal is to protect the users we build for by ensuring we build security into the code.
PHP is used extensively to power websites. From blogging to ecommerce, it’s embedded in our everyday lives and powers much of the internet we use today. According to a Wappalyzer report on top programming languages of 2020, PHP has a 79% market share of backend languages used on the internet today. One of the biggest challenges with PHP libraries over the years has been package management. There have been a few ways to easily install and maintain libraries including PECL, CPAN.
In volume 11 of our annual State of Software Security (SOSS) report, we uncovered some valuable nuggets of information about how you, the innovative developers of our world, can craft more secure code. For example, did you know that scanning via API improves the time to remediate 50 percent of security flaws by about 17 days, or that C++ and PHP languages have an alarmingly high number of severe security flaws and need greater attention?
The simple answer is to use a compiled code tool and implement as many security features as possible, but sometimes time can be a factor and other matters take precedence so less time goes into security. If your code is valuable then you really should spend time adding more layers of code protection (obfuscation, script licensing, encryption) and there is one feature in particular which sets ionCube apart from other tools, offers advanced protection for your PHP code and is fairly quick to setup.
