
scanning PHP for security vulnerabilities

Posted: Wed May 28, 2003 5:50 pm
by Casius
I'm a C++ programmer by trade but am currently having to take part in a PHP based project at work. The software design by specification has to be highly security sensitive and so I have been delving into the world of secure PHP programming techniques.

I'm used to using code auditing tools to check for possible exploits and vulnerabilities and to identify areas of concern in C++ source code (ITS4, FlawFinder etc), and so have been using one designed for PHP (RatScan) which can be found here:

http://www.beetlesoft.com/downloads/rat ... an_1.2.exe

It has helped me a lot but I'm using it as a crutch. Can anyone point me in the direction of any guides to secure programming with PHP, or could possibly explain some of the major fundamentals?

Casius.

Posted: Wed May 28, 2003 6:15 pm
by nielsene
I don't have experience with automated tools, but here are my suggestions:

0. Most secure programming techniques are language neutral. Whatever process you used before to identify problem spots will still work.
1. Make sure all form inputs are properly cleansed/ validated before use
2. Make sure register_globals is off
3. Try turning safe_mode on and seeing if the script still works. If the script doesn't work, investigate the reasons for needing the increased access and make sure it's appropriately protected.

Bullets 1-3 apply more if you are adapting existing PHP that wasn't written with security in mind, as I would assume bullet one is already covered in your specs.

If this is your first "web-services" type application, I'd recommend checking out the book Hacking Exposed: Web Applications for insight into the common attack modes that this class of application faces. The book also includes a lot of links to tools useful for testing your site after creation.
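Points 1 and 2 above, as an added PHP example that is not code from either poster: it refuses to run if register_globals is on, initialises its own state instead of trusting a request parameter to be unset, and validates form fields against an explicit whitelist. The field names, patterns and the request used are assumptions.

```php
<?php
// Added example (not from the original thread). Requires PHP >= 5.4.
declare(strict_types=1);

// With register_globals = On, every request parameter becomes a global before
// the script runs, so a flag such as $authorized that is only set on success
// could already be true when the script starts. Refuse to run in that state.
function check_register_globals(): void
{
    // On PHP >= 5.4 the directive no longer exists and ini_get() returns false.
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        throw new RuntimeException('register_globals must be Off');
    }
}

// Validate every expected field against a whitelist of type, length and
// allowed characters. Unexpected keys are dropped; bad values are rejected,
// not "cleaned up", so the caller never sees partially sanitised input.
function validate_form(array $input): array
{
    $rules = [                                    // assumed field names
        'username' => '/^[A-Za-z0-9_]{3,32}$/',
        'page'     => '/^[1-9][0-9]{0,3}$/',
    ];
    $clean = [];
    foreach ($rules as $field => $pattern) {
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("missing field: $field");
        }
        if (preg_match($pattern, $input[$field]) !== 1) {
            throw new InvalidArgumentException("invalid value for: $field");
        }
        $clean[$field] = $input[$field];
    }
    return $clean;
}

// Always initialise state yourself; never rely on a variable being unset.
$authorized = false;
check_register_globals();
try {
    $form = validate_form($_POST);
    // Escape on output as well: validated input is still untrusted text.
    echo 'Hello, ' . htmlspecialchars($form['username'], ENT_QUOTES, 'UTF-8')
        . ' (page ' . (int) $form['page'] . ")\n";
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run from the CLI with an empty $_POST it reports "missing field: username" with a 400 status; behind a web server it accepts only requests whose fields match the patterns.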