Replacement is on its way.
We have been a long-time user of FlySpray, a simple-to-use bug tracker, especially where end users need access. However, the project appears to be dead, its website is down, and under modern PHP versions there are tons of issues. We fixed a handful of them, but under the current circumstances it no longer reports dates correctly and the error messages are annoying. We are currently working on a replacement, but for now, it is what it is. Sorry for that.
Do we do vulnerability testing?
The short answer is yes, but the real question is whether that is enough. After all, you, as a developer, create software with the help of our tool and add your own code, so the overall security of the application is a combination of both. PHsPeed has a lot of protection built in: there are several tokens, such as CSRF tokens, and there is protection against XSS and SQL injection. We try to keep up with the libraries we use to avoid introducing vulnerabilities.
Commercial parties offer automated vulnerability tools that can scan your website. Some can also scan your code, and you pay per line of code. That makes it quite expensive, and it never replaces the work of a real ethical hacker. But there are ways to verify the generated project for vulnerabilities yourself, and I would like to show you the results of ZAP, a free and open-source tool from the OWASP community. This tool is able to scan your project, and I will explain the result of a scan of one of our applications here.
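To make the three protections named above concrete, here is an added example in plain PHP (not PHsPeed's own code, and not the code the tool generates): a CSRF token that is generated once per session and compared in constant time, output escaping against XSS, and a parameterized query against SQL injection. The `notes` table, the SQLite file and the form layout are assumptions made for the example.

```php
<?php
// Added example, not PHsPeed's code. Assumes a throwaway SQLite file next to
// this script and a 'notes' table with columns id, body (both constructed here).
declare(strict_types=1);

session_start(); // the CSRF token lives in the server-side session

// CSRF: one unpredictable token per session, embedded in every form and
// verified with a constant-time comparison before a state-changing request
// is honoured.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(?string $submitted): bool
{
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// XSS: escape at the point of output; never rely on input having been cleaned.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// SQL injection: bind values, so the query text never contains user input.
function save_note(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function list_notes(PDO $pdo): array
{
    return $pdo->query('SELECT id, body FROM notes ORDER BY id')
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Database setup (assumption: a local SQLite file is good enough for the demo).
$pdo = new PDO('sqlite:' . __DIR__ . '/notes-example.sqlite');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE IF NOT EXISTS notes (id INTEGER PRIMARY KEY AUTOINCREMENT, body TEXT NOT NULL)');

// Only POST changes state, and only with a valid token.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $body = trim((string) ($_POST['body'] ?? ''));
    if ($body !== '' && strlen($body) <= 1000) { // simple length limit in bytes
        save_note($pdo, $body);
    }
}
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
  <textarea name="body"></textarea>
  <button type="submit">Save</button>
</form>
<ul>
<?php foreach (list_notes($pdo) as $note): ?>
  <li><?= e($note['body']) ?></li>
<?php endforeach; ?>
</ul>
```

Saved as `index.php` and served with `php -S localhost:8010`, this page can be pointed at by ZAP the same way as described further down. Submitting `<script>alert(1)</script>` as a note shows it rendered as literal text, a note containing a single quote is stored unchanged by the bound parameter, and a POST without the hidden field is refused with a 403.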
This is the customer portal that you find on our website. In the next screenshot you see the result of a ZAP scan:
If you want to do something similar, download ZAP from the OWASP website and use localhost:8010/your application as the target to scan. So what does the scan tell us?
There are 18 notifications. So let's look into them one by one:
Conclusion. The application we tested has no high-risk items, a few medium risks (caused by the web server being configured for development and testing, and by a library for which a newer version exists), and a few low-risk items. Given this result, updating the libraries fixes all issues here.
The main question now is: is the application safe? Well, to a certain extent. No application is 100% safe, and this is an automated test. It is helpful, but an actual penetration test by an ethical hacker is always advised, especially if you manage critical data. But it should be clear that we do our checks often and are continuously aware of threats. In the end, though, you, as a user, are creating the applications, so you have your own responsibility to verify the quality of the result. No two applications will be the same; therefore, ALWAYS do your own testing! If you find vulnerabilities that you believe are the result of some mishap in our code, report them, and we will do our utmost to fix them with #1 priority.
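ZAP can write its findings as a JSON report, and the risk buckets in the conclusion above (high, medium, low, informational) are easy to extract from it, for instance to fail a build as soon as a high-risk alert appears. The following is an added example (not PHsPeed's or ZAP's own code) that summarises such a report. The embedded sample report is constructed for the example and abbreviated to the fields the script reads (`site`, `@name`, `alerts`, `name`, `riskcode`, `count`); its alert names are invented to mirror the findings described above, not copied from a real scan.

```php
<?php
// Added example, not PHsPeed's or ZAP's code: summarise a ZAP JSON report by
// risk level and exit non-zero when any High alert is present.
declare(strict_types=1);

// ZAP's riskcode values: 3 = High, 2 = Medium, 1 = Low, 0 = Informational.
const RISK_NAMES = [3 => 'High', 2 => 'Medium', 1 => 'Low', 0 => 'Informational'];

/** Returns ['High' => [...], 'Medium' => [...], 'Low' => [...], 'Informational' => [...]]. */
function summarise_zap_report(string $json): array
{
    $report  = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    $buckets = array_fill_keys(array_values(RISK_NAMES), []);
    foreach ($report['site'] ?? [] as $site) {
        foreach ($site['alerts'] ?? [] as $alert) {
            $risk = RISK_NAMES[(int) ($alert['riskcode'] ?? 0)] ?? 'Informational';
            $buckets[$risk][] = sprintf(
                '%s (%d instance(s)) on %s',
                $alert['name'] ?? $alert['alert'] ?? 'unnamed alert',
                (int) ($alert['count'] ?? 0),
                $site['@name'] ?? '?'
            );
        }
    }
    return $buckets;
}

// Constructed sample report: no High items, two Medium, one Low, one Informational,
// 18 instances in total to mirror the scan discussed above.
$sample = <<<'JSON'
{
  "@programName": "ZAP",
  "site": [
    {
      "@name": "http://localhost:8010",
      "alerts": [
        {"name": "Outdated third-party library (constructed)",            "riskcode": "2", "count": "1"},
        {"name": "Development web server discloses version (constructed)", "riskcode": "2", "count": "4"},
        {"name": "Missing security header (constructed)",                  "riskcode": "1", "count": "12"},
        {"name": "Comment left in HTML (constructed)",                     "riskcode": "0", "count": "1"}
      ]
    }
  ]
}
JSON;

// Usage: php zap-summary.php [report.json]; without an argument the sample is used.
$json    = $argc > 1 ? (string) file_get_contents($argv[1]) : $sample;
$buckets = summarise_zap_report($json);

foreach ($buckets as $risk => $alerts) {
    printf("%-14s %d\n", $risk . ':', count($alerts));
    foreach ($alerts as $line) {
        echo "  - $line\n";
    }
}

// Gate: a High alert fails the run; Medium items are reported but left to review.
exit(count($buckets['High']) > 0 ? 1 : 0);
```

The exit status makes the script usable as a step after an automated scan, while the printed list still lets you review the medium and low items by hand, which is where the configuration-versus-library distinction from the conclusion above has to be made.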
Happy coding!
After extensive testing, we are proud to release version 3.0.
This version contains many improvements; the details are in the Release Notes on the download page.
If you are a customer, you must download the latest installer to use version 3.0. If you are a user of the pre-release of 3.0, then an upgrade notice will appear automatically.
One significant improvement is that you can run multiple versions of PHsPeed side by side. We removed the dependencies, and all PHsPeed software is now installed in one folder. If you want to uninstall, delete the install folder and it's gone. We do not store anything in the registry; all settings are saved in an ini file inside the main install folder. That is also why you won't find an uninstall option in the Windows applications section.
Compared with the previous release, you will see that we have a new user interface. It now follows the standard application development workflow and is the result of the hard work of our front-end designer. It is different, but our developers got used to it very quickly, and we haven't heard anything bad about it from our beta testers.
Other enhancements: we have released our first document, which contains a PHsPeed primer and a PHP primer (for novice developers), and we will release some basic courseware soon. We have released some new videos on our YouTube channel, and more are on their way. Of course, we have also been improving our manual, which is a continuous process.
So a lot is going on currently. We hope that you will enjoy our new release. We're happy to answer your questions and read your comments.
Oh, before I forget, we also restarted our webinars. If you are new to PHsPeed, they are a great way to get introduced. We also provide private instruction.
Happy coding!