PHP Server Side Scripting Forum
About security
Sub_Seven
msg:4276580, 2:23 pm on Mar 4, 2011 (gmt 0)

Hello people,

The more code I write the more I become concerned about security, lately I have been relying more and more on php and MySQL to display content and have more flexibility but this could lead to vulnerabilities.

What do you guys recommend to analyze my code or the security overall across sites?

I know there is skipfish but I wasn't able to run/install it.

I know I could just google code scanners, but I would like to get some recommendations from the community here first.

Thanks.


rocknbil
msg:4276642, 5:06 pm on Mar 4, 2011 (gmt 0)

It's not as hard as it seems. "Keep what you want and throw everything else away" is a good place to start. Unfortunately this means a little more front end work - say, for an email form, you expect an email address and ordinary text for all input. So you can remove any character that is not in that set, and only accept input from fields you expect. The email address field requires a bit more attention, assuring there is only one and it's a valid email pattern.

For run-of-the-mill email injections, before cleansing you might look for known injection patterns. This allows you to stop the script immediately to avoid annoying emails that are "safe" but still come through. There are lots of ways to do it, but this is a good place to start.
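One way to put the approach above into code, as an added PHP 7+ example that is not code from the thread or from either poster. The field names, the character set kept for plain-text fields, the length limits and the header-injection patterns are this example's own assumptions for a contact form that sends mail; the sample submissions at the bottom are constructed, not captured traffic.

```php
<?php
// Added example: allow-list validation of a contact-form POST in the spirit of
// "keep what you want and throw everything else away". Field names, limits and
// injection patterns are assumptions made for this example.

declare(strict_types=1);

const EXPECTED_FIELDS = ['name', 'email', 'subject', 'message'];

// Header-injection patterns, checked on the raw input before any cleansing so the
// request can be rejected outright: a CR/LF in a single-line field, a URL-encoded
// CR/LF that was never decoded, or a header name used to add recipients or
// rewrite the message body.
const INJECTION_PATTERNS = [
    '/[\r\n]/',
    '/%0[ad]/i',
    '/\b(?:bcc|cc|to|from|content-type|mime-version):/i',
];

function looksLikeHeaderInjection(string $value): bool
{
    foreach (INJECTION_PATTERNS as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            return true;
        }
    }
    return false;
}

// Keep only the characters an ordinary single-line text field is expected to
// contain; everything else is dropped rather than escaped.
function cleanText(string $value, int $maxLength): string
{
    $kept = preg_replace('/[^A-Za-z0-9 .,!?\'"()\-]/', '', $value) ?? '';
    return substr(trim($kept), 0, $maxLength);
}

/**
 * Returns ['ok' => true, 'fields' => [...]] for an acceptable submission,
 * or ['ok' => false, 'errors' => [...]] when the request must be rejected.
 */
function validateContactForm(array $post): array
{
    // Only the expected fields are read; anything else in $post is ignored.
    $errors = [];
    foreach (EXPECTED_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[] = "missing field: $field";
        }
    }
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }

    // Single-line fields end up in mail headers, so test them for injection first
    // and stop immediately instead of cleansing and sending anyway.
    foreach (['name', 'email', 'subject'] as $field) {
        if (looksLikeHeaderInjection($post[$field])) {
            return ['ok' => false, 'errors' => ["header injection attempt in $field"]];
        }
    }

    // Exactly one syntactically valid address, validated rather than cleansed.
    $email = filter_var(trim($post['email']), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['ok' => false, 'errors' => ['invalid email address']];
    }

    // The message is body text: newlines are allowed there, other control
    // characters (including CR) are stripped.
    $message = preg_replace('/[^\P{C}\n]/u', '', $post['message']) ?? '';

    return [
        'ok' => true,
        'fields' => [
            'name'    => cleanText($post['name'], 100),
            'email'   => $email,
            'subject' => cleanText($post['subject'], 200),
            'message' => substr(trim($message), 0, 5000),
        ],
    ];
}

// Constructed sample submissions for demonstration (not real traffic).
$samples = [
    'legit' => [
        'name'        => 'Jane Doe',
        'email'       => 'jane@example.com',
        'subject'     => 'Question about hosting',
        'message'     => "Hi,\nIs PHP 5.3 supported?",
        'extra_field' => 'unexpected field, silently dropped',
    ],
    'attack' => [
        'name'    => 'Jane Doe',
        'email'   => "jane@example.com\r\nBcc: victim1@example.net,victim2@example.net",
        'subject' => 'Hello',
        'message' => 'spam body',
    ],
];

foreach ($samples as $label => $submission) {
    $result = validateContactForm($submission);
    echo $label, ': ', $result['ok']
        ? 'accepted'
        : 'rejected (' . implode('; ', $result['errors']) . ')', PHP_EOL;
}
```

The order matters: the injection check runs on the raw values, because cleansing first would strip the CR/LF and silently turn an attack into a "safe" message that still gets sent. The allow-list for plain-text fields is deliberately narrow; widen the character class for your own form rather than switching to a deny-list of known-bad characters.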

Sub_Seven
msg:4278448, 6:13 pm on Mar 8, 2011 (gmt 0)

Thanks rocknbil and sorry for the late reply.

I have looked around and found some tools, but they all seem to be very difficult to implement. I'd say that the best one can do is, as you say, keep one eye open at all times and try to be one step ahead. I'll keep looking for better ways to check for holes anyway; I could find one that I like down the road...

© Webmaster World 1996-2014 all rights reserved