DEV Community: Julia K

Automated secure code checks in your workflow

Julia K — Fri, 01 Dec 2023 18:16:28 +0000

Great news from PHP Secure Vulnerability Scanner! You asked - we delivered! When we first started, scanning your project required you to click the Scan button and upload your code. You could package your project and upload it as one archive file, or upload up to 15 individual PHP files.

Our users asked us to add integrations with GitHub and GitLab to allow automated secure code checks to your CI/CD pipeline. Voila - now you can connect PHP Secure to your repository and run automated scans directly in your workflow!

Adding secure code checks to your existing workflow is easy. We have included all the step-by-step instructions to make it simple. Just follow the instructions carefully to set it up without a hitch.

Once connected, every time it is deployed, PHP Secure will check your project for vulnerabilities. Whenever new vulnerabilities are found, you'll be notified. You can view your scan results in your PHP Secure account.

Keep your applications secure and prevent deployment of vulnerable applications or components (registries) by adding PHP Secure to the build as a step in the pipeline.

What do you think of this new feature?

We strive to be on the cutting edge and offer you a superior product for years to come! Do you have any suggestions for improvement?

PHP Secure — Launching on Product Hunt

Julia K — Sat, 28 Oct 2023 09:07:35 +0000

We’ve just launched a free PHP vulnerability scanner and would love & appreciate your support today if you are a Product Hunt member :) thank you in advance!

https://www.producthunt.com/posts/php-secure

30,000 websites are hacked every single day…

Julia K — Fri, 27 Oct 2023 08:09:14 +0000

And we’ve done something about it. We’re thrilled to announce the launch of PHP Secure, your new go-to vulnerability scanner!

PHP Secure proactively scans your website and code to help you manage risks, avert data breaches, and prevent the unthinkable — losing your entire site.

Just upload your code, and you’ll receive detailed breakdowns of each vulnerability, along with concrete steps to secure any weak spots.

De-risk your code now

Best of all? PHP Secure is currently completely FREE, while comparable services can set you back up to $10,000 a month.

We’re launching on Product Hunt this Saturday. We’d love it if you could show your support by hitting the subscribe button on our Coming Soon page.

30,000 websites are hacked every single day…

Julia K — Fri, 27 Oct 2023 08:09:14 +0000

And we’ve done something about it. We’re thrilled to announce the launch of PHP Secure, your new go-to vulnerability scanner!

PHP Secure proactively scans your website and code to help you manage risks, avert data breaches, and prevent the unthinkable — losing your entire site.

Just upload your code, and you’ll receive detailed breakdowns of each vulnerability, along with concrete steps to secure any weak spots.

De-risk your code now

Best of all? PHP Secure is currently completely FREE, while comparable services can set you back up to $10,000 a month.

We’re launching on Product Hunt this Saturday. We’d love it if you could show your support by hitting the subscribe button on our Coming Soon page.

SQL Injection: Real Life Attacks and How it Hurts Business

Julia K — Fri, 28 Apr 2023 09:21:14 +0000

A single malware request can hurt your business. Vulnerabilities of your code can result in:

Significant data theft
Loss of your customers' trust
Financial losses for you & your users
Serious fines from regulatory authorities
Getting blacklisted by Google …Brand, traffic, money, customers' relationships, website and even business could all be lost in a moment.

Over the past 20 years, many SQL injection attacks have targeted large and small websites, business and social media platforms. Some of these attacks led to serious data breaches. A few notable examples are listed below.

Breaches Enabled by SQL Injection

Over 100 million payment card records stolen. $200 million paid out in compensation
Heartland, a company specializing in payment, POS, and payroll systems, had been attacked by SQL injection. Heartland suffered irreparable damage, losing a large portion of customers and over $200 million paid out in compensation. Within months of the incident, their stock prices fell 77%.

Data theft on 5 million websites
In 2021, WooCommerce, a popular ecommerce plugin for WordPress CMS, was found that several of its plugins, features, and software versions were vulnerable to SQLi, and several attacks occurred as a result. Unpatched flaws in the plugin exposed data on 5 million websites to theft. Link

Hackers stole 8.3M records via SQL injection
In 2020, Freepik, one of the largest online graphic resources sites in the world with 18 million monthly unique users, says that hackers were able to steal emails and password hashes for 8.3M Freepik and Flaticon users in an SQL injection attack against the company's Flaticon website. Link

36,000 personal data stolen
Hackers targeted 53 universities using SQL injection, stole and published 36,000 personal records belonging to students, faculty, and staff.

130 million credit card numbers stolen
A team of attackers used SQL injection to penetrate corporate systems at several companies, primarily the 7-Eleven retail chain, stealing 130 million credit card numbers.

1500 clients were impact
Kaseya, an IT solutions provider for MSP and enterprise clients, was a victim of a ransomware attack in 2021. Attackers exploited unpatched SQL vulnerabilities in the company’s VSA servers to impact over 1500 of Kaseya’s clients.

Notable SQL Injection Vulnerabilities

3 million WordPress sites had vulnerabilities by critical SEO plugin flaw
Two critical and high severity security vulnerabilities in the highly popular "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. Link

SQLi let to access 350 million user accounts
Fortnite is an online game with over 350 million users. In 2019, a SQL injection vulnerability was discovered which could let attackers access user accounts. The vulnerability was patched.

Tesla vulnerability
In 2014, security researchers publicized that they were able to breach the website of Tesla using SQL injection, gain administrative privileges and steal user data.

Cisco vulnerability
In 2018, a SQL injection vulnerability was found in Cisco Prime License Manager. The vulnerability allowed attackers to gain shell access to systems on which the license manager was deployed. Cisco has patched the vulnerability.

Vulnerabilities in the plugin, used in over 100,000 active sites
In December, 2022, the WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. Link

Preventing SQL Injection Attack

How to reduce risk and protect code from vulnerabilities we'll talk about in the next article.