In the early days of web development, PHP developers often relied on functions like mysql_escape_string() to sanitize user inputs. However, this approach was fraught with pitfalls. Misuse, incorrect character encoding handling, and a lack of awareness led to numerous vulnerabilities. To address these issues, mysql_real_escape_string() was introduced, which considered the current character set of the database connection, offering a more…
Leave a CommentTag: GenAI
I had a great time speaking at ThreatCon.io Hacking Conference in beautiful Kathmandu, Nepal. During my talk we discussed the new world of LLM auto-suggested code and therefore it’s influence on secure coding. One of the key findings I demoed is, that while tools like GitHub Copilot can speed things up, they sneak in various vulnerabilities. But we also discussed…
Leave a Comment