cases of care for security, javascript

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

delhiris
Forum Commoner
Posts: 33
Joined: Sun Sep 06, 2009 3:57 pm

cases of care for security, javascript

Post by delhiris »

I know two cases of care when you make web sites with PHP.
The first is SQL injection and the second is protecting checkboxes and edits (in some languages they are named "edit", elements of the pages for searching, for example) against inserting JavaScript, as far as I know.

Are there other cases in PHP development where one should take care of security?

I copy and paste JavaScript from a random web site, for example. Should I take care of security from the aspect of JavaScript?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: cases of care for security, javascript

Post by kaisellgren »

When it comes to security of a PHP application, there are several things to note, some of them being more theoretical than practical. The aspect of JavaScript would belong to the category of XSS. Security is a large area and there's no easy way to put it in a nutshell.

A secure application handles authentication (login, cookies, passwords, etc.), authorization (proper permissions, etc.), sessions (cookies, identifiers, tokens, etc.), injection attacks (XSS, header injections, SQLi, LDAPi, XPATHi, directory traversal, null byte injections, RCE, etc.), other miscellaneous attacks (CSRF, MITM, LFI, RFI, etc.) properly and follows good and proven principles. It's not always about protecting from a specific attack, but sometimes about the strength of something (e.g. a strength of a key/some system).

SQLi and XSS are the most common types of attacks so start from there.
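
The two starting points named above, applied to the search field from the question, as an added example that is not part of either poster's reply: the search term reaches SQL only as a bound parameter and reaches HTML only through output encoding. The helper names `h` and `renderSearch`, the `articles` table and the sample terms are constructed for illustration, and the script assumes PHP with the `pdo_sqlite` extension.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for the site's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (title) VALUES ('PHP sessions'), ('Cookies & <b>tokens</b>')");

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical search handler. $term is whatever arrived in the search field.
function renderSearch(PDO $pdo, string $term): string
{
    // Weak form (kept as a comment): the term becomes part of the SQL text.
    //   $pdo->query("SELECT title FROM articles WHERE title LIKE '%$term%'");
    // Hardened form: the SQL text is fixed and the term travels as a bound parameter.
    // LIKE wildcards inside the term are escaped so they match literally.
    $like = '%' . addcslashes($term, '\\%_') . '%';
    $stmt = $pdo->prepare("SELECT title FROM articles WHERE title LIKE :q ESCAPE '\\'");
    $stmt->execute([':q' => $like]);

    // Weak form (kept as a comment): the term would be parsed as markup by the browser.
    //   echo "<p>Results for $term</p>";
    // Hardened form: every value is encoded at the point it enters the HTML,
    // including values read back from the database.
    $html = '<p>Results for "' . h($term) . '"</p><ul>';
    foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $title) {
        $html .= '<li>' . h($title) . '</li>';
    }
    return $html . '</ul>';
}

// Constructed inputs: a normal term, one containing a quote, one containing markup.
foreach (['PHP', "o'reilly", '<script>alert(1)</script>', 'tokens'] as $term) {
    echo renderSearch($pdo, $term), "\n";
}
```

The same rule covers JavaScript copied from another site: it runs with the page's full privileges, so it needs the same review as code written in-house.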
delhiris
Forum Commoner
Posts: 33
Joined: Sun Sep 06, 2009 3:57 pm

Re: cases of care for security, javascript

Post by delhiris »

Kai, please tell me books for solving these security problems in PHP.

Thanks in advance