Vulnerabilities and Solutions

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
hugh_rimes
Forum Newbie
Posts: 2
Joined: Tue Jan 01, 2013 2:45 pm

Vulnerabilities and Solutions

Post by hugh_rimes »

Hi all!
I need you're help!

For my C.S. Bachelor's Degree I need to write about 5 vulnerabilities in PHP (for every vulnerability I need 2 codes: first for testing vulnerability and second is the solution for that vulnerability).
I've searched in the Security Resources here, and on Google but I didn't find too much.

I hope you will help me, because you know more than me! I know PHP, but when it comes to security, always is room for better.

Excuse my English, is not my native language.

Thank you and a Happy New Year!
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Vulnerabilities and Solutions

Post by requinix »

Vulnerabilities in PHP itself, or in PHP code?
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Vulnerabilities and Solutions

Post by twinedev »

If you look around in this section, you will see several topics of what can be done wrong. Sorry, not going to just give answers as you said this is for a requirement education, and I'm not trying to be mean, but if you are getting a degree in C.S. you should be able to find and develop your own answers to something like this.(and if you took any type of class on programming PHP, and they were not already discussed, I'd be concerned about your instructor(s))

-Greg
hugh_rimes
Forum Newbie
Posts: 2
Joined: Tue Jan 01, 2013 2:45 pm

Re: Vulnerabilities and Solutions

Post by hugh_rimes »

requinix wrote:Vulnerabilities in PHP itself, or in PHP code?
Hi!
I need in PHP Code.
twinedev wrote:If you look around in this section, you will see several topics of what can be done wrong. Sorry, not going to just give answers as you said this is for a requirement education, and I'm not trying to be mean, but if you are getting a degree in C.S. you should be able to find and develop your own answers to something like this.(and if you took any type of class on programming PHP, and they were not already discussed, I'd be concerned about your instructor(s))

-Greg
Yes, it's for a requirement education, but this is only a small part of my big thesis, and my instructor told me to read and learn about vulnerabilities and to find the code to test on a platform-built by me. So I don't make the security code, I only make the platform work, and a small part of testing vulnerabilites and solutions.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Vulnerabilities and Solutions

Post by requinix »

hugh_rimes wrote:
requinix wrote:Vulnerabilities in PHP itself, or in PHP code?
Hi!
I need in PHP Code.
Then you definitely haven't been looking hard enough.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Vulnerabilities and Solutions

Post by Eric! »

This thread depresses me.

Have you seen the PHP Manual?

http://php.net/manual/en/security.php
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Vulnerabilities and Solutions

Post by twinedev »

This is why to a lot of real programmers, a degree less than 5 years old (or older without actual work experience) doesn't mean much. Every time I pay my student loan payments, I shake my head as not one programming job I have had in the past 10 years, did the degree even make a difference, it came down to what I could show them I could do. I'm just paying for the enjoyment of the college experience (and well the laptop that I sold off about 8 years ago)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Vulnerabilities and Solutions

Post by Benjamin »

twinedev wrote:This is why to a lot of real programmers, a degree less than 5 years old (or older without actual work experience) doesn't mean much. Every time I pay my student loan payments, I shake my head as not one programming job I have had in the past 10 years, did the degree even make a difference, it came down to what I could show them I could do. I'm just paying for the enjoyment of the college experience (and well the laptop that I sold off about 8 years ago)
Yep. It's not about the degree, it's more about what can you build, and show us your code..
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Vulnerabilities and Solutions

Post by twinedev »

When I went for my degree, I met a lady who was very disappointed that in a 2 year programmer, she wouldn't learn everything she would ever need to know about programming. At first, I thought she was pulling my leg. She wasn't. Next day, she wasn't in the 3 classes I had with her, never saw her again. (luckily, this was the first semester of the program)
Post Reply