Just Another Hacker

Announcing safelity

Safelity is a proof-of-concept PHP library for secure coding. It was released on GitHub a while ago, but formally introduced as part of my presentation “Codified security”, presented at GIDS today. It differs from traditional secure coding concepts in that it aims to make safe code visually identifiable when reading and writing code, to make the library hard to use in an unsafe manner, and to allow easy auditing of code written with it. It is limited in functionality, but I think it illustrates that you can make secure coding about writing secure code, as opposed to trying to turn great developers into security experts.

This is predominantly inspired by Joel on Software’s post about making wrong code look wrong (https://www.joelonsoftware.com/2005/05/11/making-wrong-code-look-wrong/) and by the clever engineering that makes parameterized queries/prepared statements very secure and simple to use.

You can find the code at https://github.com/wireghoul/safelity. The talk is being recorded, but the recording may only be available on the conference website.
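To make the idea concrete, here is an added illustration of the "safe code looks different, unsafe code fails loudly" approach described above. It is constructed for this post and is not safelity's API: the `SafeHtml` class and `out()` helper are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical illustration of the approach, not safelity's own API.
// A value type that can only be produced by going through the escaper,
// so its presence in code is proof that escaping happened.
final class SafeHtml
{
    private string $value;

    private function __construct(string $escaped)
    {
        $this->value = $escaped;
    }

    // The only public constructor path: untrusted text in, escaped value out.
    public static function escape(string $untrusted): self
    {
        return new self(htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    }

    public function __toString(): string
    {
        return $this->value;
    }
}

// The output helper accepts only SafeHtml. Handing it a raw string is a
// TypeError at runtime, so misuse cannot silently emit unescaped output.
function out(SafeHtml $html): void
{
    echo $html;
}

// Constructed request input standing in for $_GET['name'].
$name = '<img src=x onerror=alert(1)>';

// Wrong code looks wrong: a bare `echo` of request data stands out when
// reading the file, and `grep -n 'echo \$' *.php` finds every instance.
// echo "Hello $name";          // reflected XSS, visibly not using SafeHtml

// Safe code is recognisable by the type it flows through.
out(SafeHtml::escape("Hello $name"));
// Output: Hello &lt;img src=x onerror=alert(1)&gt;

// Bypassing the type is a loud failure rather than a quiet bug:
// out($name);                  // TypeError: out(): Argument #1 must be of type SafeHtml
```

Auditing then reduces to two greps: one for output sinks that are not `out(`, and one for any code constructing `SafeHtml` outside `escape()`.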


The new new

It’s been a while since the last revamp, but I decided to renovate the blog. All of the old content has been moved to http://archive.justanotherhacker.com. I stuck with the notion of a static site generator and wrote my own, with a little inspiration from Bashyll and Roman Zolotarev’s ssg. The design is based on PureCSS, a CSS grid layout system similar to Bootstrap but without the need for JavaScript.

There are a few upcoming project releases so check back soon!

graudit

Static source code analysis tool for finding vulnerabilities in source code.

htshells

Self-contained attacks against per-directory configuration in web servers.

PHP omelette

Code obfuscation tool for bypassing web application firewalls.

More

All of the project information on one page!