Open in app
Sign inGet started
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

I’m Fedora Ambassador LATAM!

I’m very proud to announce that last week I’ve officially joined the Fedora Project as Ambassador LATAM. It’s…

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

Important announcement #1

Migrating from SlideShare to SpeakerDeck

TLDR; I’m moving from my original SlideShare to my SpeakerDeck.

It’s no secret that I’ve been very unsatisfied with SlideShare: From silly bugs to weird interface issues to ads, I came to…

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

A look into sessions and security

“Final” Part: Eternal sessions of the clueless user

In the fourth article of this series we talked about how to use a score-based approach to minimize false occurrences. Now it’s time to talk about… time.

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

A look into sessions and security

Part #3: The score approach

In the third article I’ve reached the conclusion that the most important concepts when thinking about secure sessions are Coherence and Validity. I’ve also touched a very delicate point when dealing…

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

PHP7 is evolving! What’s new?

7.1 and the upcoming 7.2 release make PHP even more awesome!

While I’m currently writing the next part of my “A look into sessions and security” series, I couldn’t help to take some time to write on how fast…

Read more…
1 response
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

A look into sessions and security

Part #2: Storage, Access and Meta Data

In my second article we’ve seen how to set up a session in a way that improves it’s security. We’ll now take a look at a few issues about access, storage and meta data.

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

A little pause

I wish to apologize for anyone who’s been following my posts on session and security. I’ve been caught in weeks of craziness involving three trips, talks and work.

I haven’t forgot it and the next part is in the making. I should be able to release it next week. Thank you for your patience =)

Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

We never took it seriously. WannaCry is the bill.

Update your software. 
Backup often. 
Use a firewall. 
Use an antivirus. 
Don’t trust attachments, etc…

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

A look into sessions and security

Part #1: The setup

[Updated on 2018–07–05: Fixed a mistake on the referer_check option]

In the first article of this series we explored the concept and theory behind sessions. Now that we understand what a…

Read more…
Go to the profile of Er Galvao Abbott
Er Galvao Abbott in The White Hat ElePHPant

A look into sessions and security

Part #0: The concept

Index

Part #0: The concept (You’re here!)
Part #1: The setup
Part#2: Storage, Access and Meta Data
Part #3: The Score approach
“Final” Part: Eternal sessions of the clueless user

Read more…
About
The White Hat ElePHPant
The White Hat ElePHPant
PHP Articles, Tutorials, Opnions and occasional rantings by Galvão
More information
Followers
99
Elsewhere