Scott Arciszewski (@CiPHPerCoder), 11 tweets, 3 min read
Fun activity:

Go through the plugins/extensions/whathaveyou for your favorite CMS/framework (especially eCommerce) and see which ones disable certificate validation for HTTPS requests.…
Plugins for payment gateways that disable either are worth 5 points, unless they disable both, in which case they're worth 20 points.
If you expected to not find anything, well, I hope you didn't bet the farm on that:

Security researcher extraordinaire @indrora probably wins by sheer volume:
Choice findings from @indrora:

So basically what I'm saying is:

- None of y'all use Certainty
- None of y'all are validating TLS certificates in your PHP apps
- Not even eCommerce plugins are doing this
- Certainty makes cacert.pem reliable; validate your fucking certs!
Special shout-out to the devs of AzuraCast for not repeating the same mistakes that are so endemic to the PHP ecosystem regarding cURL / HTTPS usage.
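An added example, not code from the thread, from Certainty, or from any of the plugins mentioned: the cURL pattern the "fun activity" hunts for, beside a hardened form, plus a small auditor that walks a plugin directory and scores files the way the thread proposes (5 points for disabling either check, 20 for disabling both). It assumes PHP 8 with ext-curl. The `$caBundlePath` parameter of `secure_request()` is a hypothetical of this example; the `RemoteFetch` call mentioned in its doc comment follows Certainty's documented usage but is not executed here, so the block runs without the library installed. The auditor generalizes the activity slightly by matching both `curl_setopt(...)` and `curl_setopt_array([...])` styles.

```php
<?php
declare(strict_types=1);

// Added example (not the thread's code). Assumes PHP 8 + ext-curl.

/**
 * The pattern the thread is complaining about. With VERIFYPEER off, any
 * certificate chain is accepted; with VERIFYHOST 0, the name on it is never
 * compared to the URL host. An on-path attacker can then read and alter the
 * "HTTPS" traffic, which for a payment gateway means card data and callbacks.
 */
function insecure_request(string $url): string|false
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => false, // worth 5 points on the thread's scale
        CURLOPT_SSL_VERIFYHOST => 0,     // both disabled: 20 points
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

/**
 * Hardened version: both checks on, CA bundle pointed at a file you control.
 * In a real app $caBundlePath would come from Certainty, per its README:
 *   (new \ParagonIE\Certainty\RemoteFetch($dataDir))->getLatestBundle()->getFilePath()
 * Here it is a plain parameter (an assumption of this example) so the
 * function runs without the library; null keeps cURL's built-in default bundle.
 */
function secure_request(string $url, ?string $caBundlePath = null): string
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2, // 2 = verify the cert's name matches the URL host
    ];
    if ($caBundlePath !== null) {
        $opts[CURLOPT_CAINFO] = $caBundlePath;
    }
    curl_setopt_array($ch, $opts);
    $body = curl_exec($ch);
    if ($body === false) {
        $err = curl_error($ch);
        curl_close($ch);
        // The fix for a verification error is a correct CA bundle or a correct
        // server certificate, never switching the checks off.
        throw new RuntimeException('TLS/HTTP failure: ' . $err);
    }
    curl_close($ch);
    return $body;
}

/**
 * Walk a plugin/extension tree and report every .php file that disables
 * peer or host verification, scored as the thread suggests.
 * Returns [path => ['peer' => [lines], 'host' => [lines], 'score' => int]].
 */
function audit_tls_verification(string $root): array
{
    // Match both curl_setopt($ch, CURLOPT_X, false) and [CURLOPT_X => 0] forms.
    $patterns = [
        'peer' => '/CURLOPT_SSL_VERIFYPEER\s*(?:,|=>)\s*(?:false|0)\b/i',
        'host' => '/CURLOPT_SSL_VERIFYHOST\s*(?:,|=>)\s*(?:false|0)\b/i',
    ];
    $findings = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if ($file->getExtension() !== 'php') {
            continue;
        }
        $hits = ['peer' => [], 'host' => []];
        $lines = file($file->getPathname(), FILE_IGNORE_NEW_LINES) ?: [];
        foreach ($lines as $n => $line) {
            foreach ($patterns as $kind => $re) {
                if (preg_match($re, $line) === 1) {
                    $hits[$kind][] = $n + 1; // 1-based line number for the report
                }
            }
        }
        if ($hits['peer'] !== [] || $hits['host'] !== []) {
            $both = $hits['peer'] !== [] && $hits['host'] !== [];
            $hits['score'] = $both ? 20 : 5;
            $findings[$file->getPathname()] = $hits;
        }
    }
    return $findings;
}

// Usage: php audit.php /path/to/wp-content/plugins
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    print_r(audit_tls_verification($argv[1]));
}
```

The auditor only catches literal `false`/`0` arguments; a plugin that reads the flag from a config option or a variable will not match, so treat an empty report as "nothing obvious" rather than "clean".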