
PHP Server Side Scripting Forum

Five Common Web Application Vulnerabilities

WebmasterWorld Administrator brett_tabke

Msg#: 12721 posted 2:29 pm on May 3, 2006 (gmt 0)

Five common Web application vulnerabilities


article looks at five common Web application attacks, primarily for PHP applications, and then presents a case study of a vulnerable Website that was found through Google and easily exploited. Each of the attacks we'll cover is part of a wide field of study, and readers are advised to follow the references listed in each section for further reading. It is important for Web developers and administrators to have a thorough knowledge of these attacks. It should also be noted that Web applications can be subjected to many more attacks than just those listed here.



WebmasterWorld Senior Member pageoneresults

Msg#: 12721 posted 2:36 pm on May 3, 2006 (gmt 0)

Ah, the perils us marketers are faced with.

Brett, do you think it possible that the search engines may take this into consideration when indexing pages? I see lots of discussion around here lately about how certain sites are just dropping out of the index completely. And then I read through the above article and see references to software that many are using here where these exploits are possible.

If you were a search quality engineer, and you could easily detect if a site had one or more of these vulnerabilities, wouldn't you want to exclude those sites from your index to protect your visitors?


WebmasterWorld Senior Member 10+ Year Member

Msg#: 12721 posted 7:36 am on May 4, 2006 (gmt 0)

Nice pick!

I don't think it's a good idea to judge a page on a specific identification string only (and that's how it is done when using Google or others to locate insecure setups). It is even an insecure approach to think this will create more security; it will only obscure it more, and there are many other methods to automatically detect insecure setups, but not for every Google user.

More and more users should care about what software they are using, and they should take care of security updates. Often that's all. As quoted in the article:

"No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer."
-Chris Shiflett

So this can happen with any software. But most webmasters use webapps (which are often publicly accessible) and they want their stuff in SEs, so this is a kind of risk group, especially if they do not care about maintenance.

