
Vulnerabilities and Solutions

Posted: Tue Jan 01, 2013 2:58 pm
by hugh_rimes
Hi all!
I need your help!

For my C.S. Bachelor's Degree I need to write about 5 vulnerabilities in PHP (for every vulnerability I need 2 pieces of code: the first for testing the vulnerability and the second is the solution for that vulnerability).
I've searched in the Security Resources here, and on Google, but I didn't find much.

I hope you will help me, because you know more than me! I know PHP, but when it comes to security, there is always room for improvement.

Excuse my English; it is not my native language.

Thank you and a Happy New Year!

Re: Vulnerabilities and Solutions

Posted: Tue Jan 01, 2013 8:28 pm
by requinix
Vulnerabilities in PHP itself, or in PHP code?

Re: Vulnerabilities and Solutions

Posted: Tue Jan 01, 2013 8:33 pm
by twinedev
If you look around in this section, you will see several topics of what can be done wrong. Sorry, not going to just give answers as you said this is for a requirement education, and I'm not trying to be mean, but if you are getting a degree in C.S. you should be able to find and develop your own answers to something like this. (And if you took any type of class on programming PHP, and they were not already discussed, I'd be concerned about your instructor(s).)

-Greg

Re: Vulnerabilities and Solutions

Posted: Thu Jan 03, 2013 3:34 pm
by hugh_rimes
requinix wrote: Vulnerabilities in PHP itself, or in PHP code?
Hi!
I need them in PHP code.
twinedev wrote: If you look around in this section, you will see several topics of what can be done wrong. Sorry, not going to just give answers as you said this is for a requirement education, and I'm not trying to be mean, but if you are getting a degree in C.S. you should be able to find and develop your own answers to something like this. (And if you took any type of class on programming PHP, and they were not already discussed, I'd be concerned about your instructor(s).)

-Greg
Yes, it's for a requirement education, but this is only a small part of my big thesis, and my instructor told me to read and learn about vulnerabilities and to find the code to test on a platform built by me. So I don't make the security code, I only make the platform work, and a small part of testing vulnerabilities and solutions.

Re: Vulnerabilities and Solutions

Posted: Thu Jan 03, 2013 4:42 pm
by requinix
hugh_rimes wrote:
requinix wrote: Vulnerabilities in PHP itself, or in PHP code?
Hi!
I need them in PHP code.
Then you definitely haven't been looking hard enough.

Re: Vulnerabilities and Solutions

Posted: Thu Jan 03, 2013 7:39 pm
by Eric!
This thread depresses me.

Have you seen the PHP Manual?

http://php.net/manual/en/security.php

Re: Vulnerabilities and Solutions

Posted: Thu Jan 03, 2013 8:20 pm
by twinedev
This is why, to a lot of real programmers, a degree less than 5 years old (or older without actual work experience) doesn't mean much. Every time I pay my student loan payments, I shake my head, as in not one programming job I have had in the past 10 years did the degree even make a difference; it came down to what I could show them I could do. I'm just paying for the enjoyment of the college experience (and, well, the laptop that I sold off about 8 years ago).

Re: Vulnerabilities and Solutions

Posted: Thu Jan 03, 2013 10:59 pm
by Benjamin
twinedev wrote: This is why, to a lot of real programmers, a degree less than 5 years old (or older without actual work experience) doesn't mean much. Every time I pay my student loan payments, I shake my head, as in not one programming job I have had in the past 10 years did the degree even make a difference; it came down to what I could show them I could do. I'm just paying for the enjoyment of the college experience (and, well, the laptop that I sold off about 8 years ago).
Yep. It's not about the degree, it's more about what can you build, and show us your code.

Re: Vulnerabilities and Solutions

Posted: Fri Jan 04, 2013 4:34 am
by twinedev
When I went for my degree, I met a lady who was very disappointed that in a 2-year program, she wouldn't learn everything she would ever need to know about programming. At first, I thought she was pulling my leg. She wasn't. Next day, she wasn't in the 3 classes I had with her, never saw her again. (Luckily, this was the first semester of the program.)