Software Security/php

Uit Werkplaats
Ga naar: navigatie, zoeken

PHP

This wiki page collects some info about PHP

  • OWASP has a PHP project, but unfortunately there is no content yet :-(. OWASP does provide useful info in the PHP Top 5
  • The PHP security consortium (phpsec.org) has produced the PHP Security Guide and collects some pointers to other PHP security info;The website of the PHP security consortium hasn't been updated since 2006, so the initiative apparently died
  • The book "19 Deadly Sins of Software Security" includes PHP-specific info on preventing SQL injection, XSS, Magic URLS and hidden form fields, and information leakage. The book is in the Nijmegen library under 8041HO and there is a copy in the "studielandschap" which cannot be lent out, so should always be there to have a read.
  • Articles about PHP security by Chris Shiflett from PHP Magazine and php|architect, on topics such as SQL injection, XSS, sessions, etc.
  • XSS Cheat Sheet, not only for php but a general "cheat sheet" with vectors that successfully evaded common and uncommon XSS-protection mechanisms.