Preventing Installing Composer Dependencies with Known Security Vulnerabilities
DEV Community dev.to
Introduction
A key piece of building modern-day web applications with PHP involves using packages and libraries built by other developers around the world.
As a result, there can be a lot of moving pieces that you don't always have control over, so it's possible to install dependencies in your PHP projects that have known vulnerabilities. Those vulnerabilities may be bugs that were accidentally introduced, or malicious changes that were intentionally added through supply-chain attacks.
To …