Skip to main content

Introduction to PHP Security

Intro to Php Security

This article has reference to the PHP meet up in 2007 and the presentation by Dave Ross discussing security issues and options related to PHP programming. It begins by outlining common attack vectors like validation circumvention, code injection, SQL injection, and cross-site scripting. It then provides examples of each attack and recommendations for preventing them, such as validating all user input and escaping special characters when outputting data. The document also introduces tools for analyzing PHP code security like PHPSecAudit and browser developer toolbars. It emphasizes the importance of securing applications from the beginning rather than as an afterthought.

Click on the below image to go to the actual presentation.
Labels:

Comments

Post a Comment

Want to tell something about this post. Please feel free to write...

Popular posts from this blog

Survey says: PHP passes Microsoft Active Server Pages

By JT Smith on June 11, 2002 (8:00:00 AM) With a faltering economy forcing companies to cut spending whenever possible, less expensive and freely available Open Source software solutions may be gaining in popularity. Those wanting proof can look no further to PHP taking the top server-side scripting spot in a recent Internet host survey. In April 2002, Netcraft's monthly Web server survey revealed that 24 percent, or around 9 million of the 37 million sites it surveyed, were using Hypertext Preprocessor (PHP) for a server side scripting language. For the first time, an Open Source scripting solution had passed Microsoft's proprietary Active Server Pages scripting to claim the top spot on the Netcraft survey. For both the April and May Netcraft surveys, PHP and ASP were almost too close to call, with Microsoft's product offering coming in just a hair under 24 percent of all hosts running a server-side script
Post a Comment
Find more....

PHP Code Review Guidelines

General  The code works  The code is easy to understand  Follows coding conventions  Names are simple and if possible short  Names are spelt correctly  Names contain units where applicable  There are no usages of magic numbers  No hard coded constants that could possibly change in the future  All variables are in the smallest scope possible  There is no commented out code  There is no dead code (inaccessible at Runtime)  No code that can be replaced with library functions  Variables are not accidentally used with null values  Variables are immutable where possible  Code is not repeated or duplicated  There is an else block for every if clause even if it is empty  No complex/long boolean expressions  No negatively named boolean variables  No empty blocks of code  Ideal data structures are used  Constructors do not accept null/none values  Catch clauses are fine grained and catch specific exceptions  Exceptions are not eaten if caught, unless explicitly documente
Post a Comment
Find more....

Multiple Checkboxes Validation

This is a regular problem and solution is hardly available on google. When we use multiple checkboxes of same group (same name with square brackets) and you've to read the values from server side, then below solution will help you. Here I'm using jQuery (https://jquery.com/) and jQuery Validate plugin (https://jqueryvalidation.org/) For an example, I've to ask a user which of the listed book they are interested to know about <form id="BooksForm" method="post" name="BooksForm"> <p>Books you are interested in </p> <input class="Books" id="Book1" name="Books[]" type="checkbox" value="1" /> The Inner Game of Tennis <br /> <input class="Books" id="Book2" name="Books[]" type="checkbox" value="1" /> Monk who sold his ferrari <br /> <input class="Books" id="Book3" name=&quo
Post a Comment
Find more....