Moved to scottarc@infosec.exchange
Dec 20, 2018 6 tweets 2 min read
Want to make PHP's exceptions more helpful to your users, even if they're speaking to it over a JSON API or command line script? github.com/paragonie/corn…

Note: v1.x of this library targets EOL versions of PHP. You'll ideally want to use version 2 at a minimum.

But anyway, consider this a holiday gift to the PHP community. (I might have proposed it to FIG, if I were a member, and wasn't wary of endless bikeshedding.)
Oct 29, 2018 11 tweets 3 min read
Fun activity:

Go through the plugins/extensions/whathaveyou for your favorite CMS/framework (especially eCommerce) and see which ones disable certificate validation for HTTPS requests.

paragonie.com/blog/2017/10/c…

Plugins for payment gateways that disable either are worth 5 points, unless they disable both, in which case they're worth 20 points.
Oct 28, 2018 16 tweets 5 min read
Let's talk about some of the open source libraries that @ParagonIE has created over the years to make it easier to make secure PHP applications.

paragonie.com/software

First, the polyfill libraries:

random_compat exists so that your framework can use the newer PHP 7 CSPRNG API even if they support PHP 5. It's used by a lot of projects, including WordPress.

github.com/paragonie/rand…
Feb 6, 2018 30 tweets 5 min read
I've drafted several blog posts in the past week and scrapped them all. None of them feel important enough to write about, let alone publish. This isn't coming from a position of writer's block. This is coming from a position of empathy. Time is precious, and I hate to waste anyone's.