SQL injections. Preventive security.

Posted by Stanislav Furman on June 19, 2019

With this article I want to start a series of articles about web applications security. This topic is truly interesting, sometimes challenging and, of course, very important for any web developer. Even if you think that your website is small and is not attractive to hackers, keep in mind that your website, if it is vulnerable, can be used to trick random users or even attack an external system. For example, using a security hole in your system an attacker can spread an exploit.

In this article I will talk about preventive measures against SQL Injections (aka SQLi). ThoseĀ are preventive measures that may help in case you have legacy code, or someone in your team accidentally (or blindly) writes code vulnerable to SQLi.

Continue reading

Detect an Ajax request in PHP

Posted by Stanislav Furman on August 24, 2017

If you would like to use same PHP code to handle both AJAX and non-AJAX requests, here is a quick and simple trick that you can use to check if the incoming request is AJAX. For our trick we will use a HTTP header called HTTP_X_REQUESTED_WITH. It is supported by all modern browsers that support AJAX. Therefore, it should work in 99% of cases.

Continue reading

HipChat was attacked, some data may have been leaked

Posted by Stanislav Furman on April 23, 2017
HipChat published a security notice about an attack and leaked data

Worst passwords ever

Posted by Stanislav Furman on February 14, 2017
See the worst passwords ever and never make this mistake

Gitlab has lost it's database and realised they have no backups

Posted by Stanislav Furman on February 9, 2017
Gitlab incident led to data lose and showed problems with their backups

Delete all Docker containers and images

Posted by Stanislav Furman on September 9, 2016

First time I heard about Docker was beginning of 2016. Finally, I got a chance to try Docker in "wild nature".

One of the most common things you might need from time to time is to stop or remove all your Docker images in one shot. Here are some simple and useful commands to stop or remove all of Docker containers.

Before deleting Docker containers we need stop them:


$ docker stop $(docker ps -a -q)

Now, when our Docker containers are not running, we can delete them:


$ docker rm $(docker ps -a -q)

Also there is a nice untility to clean your Docker images, volumes and networks. It's called Docker Clean.


Find domain names in just a few seconds

Posted by Stanislav Furman on April 9, 2015

Recently, I have searched for a an online service that suggests available domain name by keywords. I was really impressed by one website that I found.

Continue reading

Microsoft launches MS-DOS Mobile

Posted by Stanislav Furman on March 31, 2015

Spam with animated email subject

Posted by Stanislav Furman on January 23, 2015

Yesterday received into my Gmail inbox a couple of SPAM messages with animated email subject! Didn't it's possible, have never seen it before...

From very first look it seems like a big secirity whole in gmail!

Interesting...


Russian hackers steal 1.2 billion user credentials. Is this true?

Posted by Stanislav Furman on August 6, 2014
Did Russian group of hackers steal 1.2 billion usernames and passwords? I doubt so...