Added By: Feedage Forager Feedage Grade B rated
Language: English


Last Build Date: Sun, 09 Oct 2016 13:17:28 +0000


Protecting your application with PropAuth (Property-based Policy evaluation)
ccornutt

Wed, 30 Dec 2015 13:42:53 +0000

Library: PropAuth (Property-based policy evaluation) I’ve been working on a library for a while now that kind of distills down some of the ideas of property-based authorization (like XACML) and makes it a bit more accessible to the average developer. Property-based evaluation can be a little tricky to get your head around if you’re used […]

Custom Callbacks with Invoke
ccornutt

Sun, 26 Jul 2015 12:59:42 +0000

In putting the Invoke library to use I noticed something. While I could tell it to check for groups and permissions on the current user and limit HTTP methods on the request, there were more complex things I needed to check that weren’t part of these defaults. Now, I could just extend Invoke to include […]

Laravel Route Protection with Invoke
ccornutt

Wed, 24 Jun 2015 22:54:42 +0000

I started on a tool a while back to “scratch an itch” in a personal project to make it easier to protect endpoints based on the requested URL. The Invoke library makes it possible to detect the route requested and ensure a set of criteria are met to be sure a user can access a […]

Why Drupal’s Bug Bounty is Important
ccornutt

Wed, 03 Jun 2015 14:14:53 +0000

The Drupal project has just announced a bug bounty program where they’re offering sums between $50-1000 USD for anyone who finds and reports a security issue with Drupal 8: Drupal 8 is nearing release, and with all the big architectural changes it brings, we want to ensure D8 upholds the same level of security as […]

Gatekeeper & Policies
ccornutt

Mon, 01 Jun 2015 15:21:45 +0000

I’ve been working on a system for a while now, inspired by the work that was done on the Sentry project, to provide a role-based access control system that was not only more well-maintained but also built on the foundation they provided to add in some new features. My “little project” Gatekeeper has really grown […]

PHP, Security & PSR-9/PSR-10
ccornutt

Fri, 22 May 2015 12:36:30 +0000

Late yesterday afternoon the PSR-9 and PSR-10 drafts were moved into master on the php-fig/standards repository, moving them along to the next step and to get the wider perspective of the main PHP-FIG group’s opinions on it. What are PSR-9 and PSR-10, you ask? Here’s a brief summary so far: At the end of last […]

Speaking at AppSec USA 2015
ccornutt

Fri, 15 May 2015 16:09:59 +0000

It’s always good to step outside of your usual bubble and try something new every once in a while. I recently took this step and submitted for the AppSec USA 2015 conference happening in San Francisco in September. My topic? PHP security, naturally, but it’s to a much more diverse audience. At PHP conferences it’s […]

Social Security
ccornutt

Thu, 30 Apr 2015 15:07:35 +0000

Let me preface this by saying I think that sharing knowledge and experiences is a great thing. I love that there are so many tutorials out there from people showing good practices in security and things they’ve learned along the way. Unfortunately, this is the same place where I see a major downfall. This kind of […]

Invoke and Gatekeeper for Route Authentication & Authorization
ccornutt

Fri, 24 Apr 2015 12:59:27 +0000

As a part of a new project I’m working on (personal, not work) I came across a common need to enforce authentication and authorization handling in a bit more automated way based on the URL requested. I looked around for options and didn’t really find many that could be implemented somewhat simply but I did […]

Developer Security Outreach
ccornutt

Thu, 29 Jan 2015 16:00:11 +0000

I’ve been thinking a lot lately about how to try to bring the security and development communities together, most specifically for PHP (see these two posts for more on that). PHP has a long-standing reputation for being an insecure language that it’s had to overcome. I like to think that evidence in more recent […]