Blog

Magento External Malware Scans

Published: August 5, 2017

magento-malware-scanner is an extremely valuable tool to help keep your Magento installation secure. Scanning a codebase for malware is dead simple…

$ wget git.io/mwscan.txt
$ grep -Erlf mwscan.txt /path/to/magento

However, it’s equally if not more important to run an external scan of your Magento installation. Here I’ll cover why and how.

Benchmarking the Impact of Implementing a CDN

Published: August 3, 2017

In a talk I’m preparing titled, “Imagining A World Without Caching”, I’m benchmarking the impact of many different forms of caching. One type of caching that the talk covers is “edge caching” a.k.a. content delivery networks (CDNs). I spent a lot of time on Google trying to find hard data showing the impact that implementing a CDN had on page load times. Unfortunately, after nearly an hour of Googling, I couldn’t find the data I was looking for.

As such, I decided to do my own benchmarking. Here, I’ll share my data.

Phars and distributing PHP CLI apps

Published: July 25, 2017

First things first, let’s address a question that I couldn’t easily find an answer to on Google. Is PHP required to execute a phar?

The answer is a loud and clear yes.

In fact, not only is PHP required to execute a phar, but the version of PHP installed on the system that will execute the phar must be in line with the version of PHP used by the phar author.

Dealing with Jekyll Tags and Case Sensitivity

Published: July 24, 2017

To the chagrin of some, tags in Jekyll are case sensitive. This means that “MySQL” and “mysql” are not the same tag.

No matter whether you’re using jekyll-archives for your tag archives pages, or a custom solution, it’s likely that you’ve felt some pain as a result of case sensitivity. I recently went through every post on this blog to add consistent casing to my tags.

Here I’ll outline a solution I’ve developed to help alleviate the pain of dealing with case sensitivity and tags in Jekyll.

Parsing Set-Cookie Headers In PHP with Guzzle

Published: July 19, 2017

I recently had the need to extract the value of a Set-Cookie response header in PHP. Google led me to http_parse_cookie. Unfortunately, http_parse_cookie requires pecl_http, which isn’t available with PHP out of the box and is a pain to install.

Other Google results suggest defining your own function.

After a bit of research, I found the SetCookie class in Guzzle. The implementation is really clean and is the best option for parsing Set-Cookie headers in PHP in my opinion.

Here’s a quick overview of how to use it…

Findings on XML External Entity Behavior in PHP

Published: July 3, 2017

Recently, I’ve been experimenting with XXE (XML External Entity) vulnerabilities in PHP.

I’ve found some inconsistent behavior and posts on the internet that don’t exactly line up with my experience. Here, I wanted to document what I’ve found…