Post AWRNESZDVSeJDyRDma by wogan@mastodon.africa
 Post #AWQ0vPlzHIywuIxt1U by valorin@infosec.exchange
       2023-06-06T00:50:52Z
       
       0 likes, 1 repeats
       
       I'm going to do a series on https://securinglaravel.com debunking the various "PHP and/or Laravel is Insecure" claims. Because they are getting pretty ridiculous... 😒 What claims would you like me to debug? 🕵️ #PHP #Laravel (Pls boost for reach)
       
 Post #AWQ0vQdA5bW5ZDqLuC by wogan@mastodon.africa
       2023-06-06T15:22:50Z
       
       0 likes, 0 repeats
       
       @valorin If you can just communicate that "Laravel is not Wordpress" and "not all PHP projects are built the same", that's like 80% of the perception problem right now. Wordpress is an unauthenticated remote shell that happens to have a CMS built in, but its popularity has shaped the overall impression of what PHP is, and it's the worst possible example from a system design standpoint.
       
 Post #AWQ1Rzmsudwrs2v7rs by wogan@mastodon.africa
       2023-06-06T15:28:44Z
       
       0 likes, 0 repeats
       
       @valorin Another common one is the politely-sanitized phrase "low barrier to entry", which in its truest form, is a kvetch that "any old riffraff can write PHP scripts and host them on free cPanel sites", and because it's "so easy", it's "inherently insecure" because anyone can write code in it. Mostly I see this complaint from people who chose to start out on a really tough tech stack, and misattribute friction for good design.
       
 Post #AWQhyxwMzrcZm0lF20 by valorin@infosec.exchange
       2023-06-06T23:25:16Z
       
       0 likes, 0 repeats
       
       @wogan Good points, thanks! I spent some time in the WP security space, so my urge is to defend WP core (it's the plugins and themes that are insecure), but you're definitely right that the perception of WP being insecure hangs around PHP quite significantly. Folks assume that WP is insecure because of PHP, which is absurd. 😔
       
 Post #AWRNESZDVSeJDyRDma by wogan@mastodon.africa
       2023-06-07T07:07:30Z
       
       0 likes, 0 repeats
       
       @valorin I think to a lot of folks, the "it's the plugins" is a distinction without a difference: Wordpress, as a product/brand, promises a huge ecosystem of easily-installable third-party modules (arguably, the reason people use it at all), but unlike any other app store, doesn't take responsibility for the quality or security of those modules. Wordpress the Core Codebase has very few CVEs, but Wordpress the Ecosystem is a nightmare, and the two are (arguably, correctly) conflated.
       
 Post #AWShGN7guVPtA1iDjs by valorin@infosec.exchange
       2023-06-07T22:26:37Z
       
       0 likes, 0 repeats
       
       @wogan Completely agreed. That said, WP's nature is very different from a commercial app store. But the difference is lost on users, much like the WP vs Plugins insecurity discussion. WP is in a tough position.