Certifications

CREST STAR CHECK CYBER ESSENTIALS ISO27001 ISO9001

PHP Serialization and SQL Injection

Sanitisation of user input is essential for preventing SQL injection, regardless of the format of the supplied data. Today I'm going to look at SQL injection through a more obscure injection point: serialized PHP arrays. Taking inspiration from a finding in a recent test, I've created a small app which allows the user to upload a CSV file. This file is then converted to a PHP array, serialized and returned to the user as a hidden form field. Finally, this is posted back to the application where the supplied data is inserted into the MySQL database.

Incident Response Week

Ever wondered if you're prepared for a cyber security incident? This week, one of our Directors, Gemma Moore, is guiding you through incident preparation and handling.

Follow us on Twitter for the mini-how-to series, and view the previous blogs here:

Monday: The Five P's

Tuesday: Identifying The Incident

Wednesday: Defining Your Objectives

Thursday: Enacting Your Response

Friday: After The Storm

Cyber Essentials – The Long Road to Certification

There is some confusion surrounding Cyber Essentials; what it is, why people need it and often there is a misinterpretation that Certifying Bodies are responsible for the schemes rules. Cyber Essentials is a relatively new certification. It has been mandated since October 2014 for UK government suppliers, although it is not limited to them, non-government organisations are encouraged to seek to obtain the certification.