Add note about Paragon Initiative security guide

Gemfile

@@ -1,3 +1,3 @@
 source 'https://rubygems.org'
-gem 'github-pages'
+gem 'github-pages', group: :jekyll_plugins
 gem 'rouge'

Gemfile.lock

@@ -2,57 +2,61 @@ GEM
   remote: https://rubygems.org/
   specs:
     RedCloth (4.2.9)
-    activesupport (5.0.0.1)
+    activesupport (5.2.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
     addressable (2.4.0)
     blankslate (2.1.2.4)
-    classifier-reborn (2.0.4)
+    classifier-reborn (2.2.0)
       fast-stemmer (~> 1.0)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.10.0)
+    coffee-script-source (1.12.2)
     colorator (0.1)
-    concurrent-ruby (1.0.2)
-    ethon (0.9.1)
+    concurrent-ruby (1.0.5)
+    ethon (0.11.0)
       ffi (>= 1.3.0)
     execjs (2.7.0)
-    faraday (0.10.0)
+    faraday (0.15.2)
       multipart-post (>= 1.2, < 3)
     fast-stemmer (1.0.2)
-    ffi (1.9.14)
-    ffi (1.9.14-x64-mingw32)
+    ffi (1.9.25)
     gemoji (2.1.0)
-    github-pages (39)
+    github-pages (43)
       RedCloth (= 4.2.9)
-      github-pages-health-check (~> 0.2)
+      github-pages-health-check (= 0.6.0)
       jekyll (= 2.4.0)
       jekyll-coffeescript (= 1.0.1)
       jekyll-feed (= 0.3.1)
+      jekyll-gist (= 1.4.0)
       jekyll-mentions (= 0.2.1)
-      jekyll-redirect-from (= 0.8.0)
+      jekyll-paginate (= 1.1.0)
+      jekyll-redirect-from (= 0.9.1)
       jekyll-sass-converter (= 1.3.0)
-      jekyll-sitemap (= 0.8.1)
+      jekyll-seo-tag (= 0.1.4)
+      jekyll-sitemap (= 0.9.0)
       jemoji (= 0.5.0)
-      kramdown (= 1.5.0)
+      kramdown (= 1.9.0)
       liquid (= 2.6.2)
       maruku (= 0.7.0)
       mercenary (~> 0.3)
       pygments.rb (= 0.6.3)
-      rdiscount (= 2.1.7)
-      redcarpet (= 3.3.2)
+      rdiscount (= 2.1.8)
+      redcarpet (= 3.3.3)
       terminal-table (~> 1.4)
-    github-pages-health-check (0.3.2)
-      net-dns (~> 0.6)
+    github-pages-health-check (0.6.0)
+      addressable (~> 2.3)
+      net-dns (~> 0.8)
       public_suffix (~> 1.4)
       typhoeus (~> 0.7)
     html-pipeline (1.9.0)
       activesupport (>= 2)
       nokogiri (~> 1.4)
-    i18n (0.7.0)
+    i18n (1.0.1)
+      concurrent-ruby (~> 1.0)
     jekyll (2.4.0)
       classifier-reborn (~> 2.0)
       colorator (~> 0.1)
@@ -77,71 +81,76 @@ GEM
       html-pipeline (~> 1.9.0)
       jekyll (~> 2.0)
     jekyll-paginate (1.1.0)
-    jekyll-redirect-from (0.8.0)
+    jekyll-redirect-from (0.9.1)
       jekyll (>= 2.0)
     jekyll-sass-converter (1.3.0)
       sass (~> 3.2)
-    jekyll-sitemap (0.8.1)
-    jekyll-watch (1.5.0)
-      listen (~> 3.0, < 3.1)
+    jekyll-seo-tag (0.1.4)
+      jekyll (>= 2.0)
+    jekyll-sitemap (0.9.0)
+    jekyll-watch (1.5.1)
+      listen (~> 3.0)
     jemoji (0.5.0)
       gemoji (~> 2.0)
       html-pipeline (~> 1.9)
       jekyll (>= 2.0)
-    kramdown (1.5.0)
+    kramdown (1.9.0)
     liquid (2.6.2)
-    listen (3.0.8)
+    listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
     maruku (0.7.0)
     mercenary (0.3.6)
-    mini_portile2 (2.1.0)
-    minitest (5.9.1)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
     multipart-post (2.0.0)
     net-dns (0.8.0)
-    nokogiri (1.6.8.1)
-      mini_portile2 (~> 2.1.0)
-    nokogiri (1.6.8.1-x64-mingw32)
-      mini_portile2 (~> 2.1.0)
-    octokit (4.6.1)
+    nokogiri (1.8.3)
+      mini_portile2 (~> 2.3.0)
+    octokit (4.9.0)
       sawyer (~> 0.8.0, >= 0.5.3)
     parslet (1.5.0)
       blankslate (~> 2.0)
-    posix-spawn (0.3.12)
+    posix-spawn (0.3.13)
     public_suffix (1.5.3)
     pygments.rb (0.6.3)
       posix-spawn (~> 0.3.6)
       yajl-ruby (~> 1.2.0)
-    rb-fsevent (0.9.8)
-    rb-inotify (0.9.7)
-      ffi (>= 0.5.0)
-    rdiscount (2.1.7)
-    redcarpet (3.3.2)
-    rouge (2.0.7)
+    rb-fsevent (0.10.3)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    rdiscount (2.1.8)
+    redcarpet (3.3.3)
+    rouge (3.1.1)
+    ruby_dep (1.5.0)
     safe_yaml (1.0.4)
-    sass (3.4.22)
+    sass (3.5.6)
+      sass-listen (~> 4.0.0)
+    sass-listen (4.0.0)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
     sawyer (0.8.1)
       addressable (>= 2.3.5, < 2.6)
       faraday (~> 0.8, < 1.0)
-    terminal-table (1.7.3)
-      unicode-display_width (~> 1.1.1)
-    thread_safe (0.3.5)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    thread_safe (0.3.6)
     toml (0.1.2)
       parslet (~> 1.5.0)
     typhoeus (0.8.0)
       ethon (>= 0.8.0)
-    tzinfo (1.2.2)
+    tzinfo (1.2.5)
       thread_safe (~> 0.1)
-    unicode-display_width (1.1.1)
-    yajl-ruby (1.2.1)
+    unicode-display_width (1.4.0)
+    yajl-ruby (1.2.3)
 
 PLATFORMS
   ruby
-  x64-mingw32
 
 DEPENDENCIES
   github-pages
   rouge
 
 BUNDLED WITH
-   1.13.6
+   1.16.2

_posts/10-01-01-Security.md

@@ -3,3 +3,6 @@ anchor: security
 ---
 
 # Security {#security_title}
+
+The best resource I've found on PHP security is [The 2018 Guide to Building Secure PHP Software](https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software) by
+[Paragon Initiative](https://paragonie.com/).