PHP Vulnerability

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Photobrad
Forum Newbie
Posts: 1
Joined: Mon Feb 17, 2014 1:55 pm

PHP Vulnerability

Post by Photobrad »

I'm a VERY beginner PHP programmer. So far I've built an Admin back-end that lets me input data into the server database and I've also built pages that query the database and display info from that database. It's all very top-level generic stuff.

My question is, how vulnerable is generic PHP? If I don't have any fancy admin calls/functions, is it possible for hackers to just utilize any PHP page and execute code or hacks on the server level?

I've belonged to PHP forums before (IPB and PHPBB) and they've all had security failures... but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?

In short... is ANY php page vulnerable to attack or is the PHP's vulnerability dependent on what kind of scripts you're implementing?

And if any page is vulnerable, are there basic protections that can/should be put in place to protect a site?

Thanks in advance.
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: PHP Vulnerability

Post by Celauran »

This should get you started:
http://www.phptherightway.com/#security
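The "basic protections" asked about above come down to two habits for a site like the one described (an admin form that inserts rows, and pages that display them): never build SQL by concatenating user input, and never echo stored data into HTML unescaped. The following is an added example written for this thread; it is not code from the original posts or from the PHP The Right Way site. It assumes the PDO extension with the SQLite driver so it runs against an in-memory database with constructed sample data, and the function names (findByTitleVulnerable, findByTitle, h) and the sample rows are my own.

```php
<?php
// Added example (not from the thread): the two basic protections for a page
// that writes user input to a database and displays it back.
// Assumes the PDO extension with the sqlite driver; uses an in-memory DB
// and constructed sample data so it runs offline.

declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Constructed sample rows, as an admin back-end might have inserted them.
$db->exec("INSERT INTO photos (title) VALUES ('Sunset'), ('Harbour')");

// --- Vulnerable pattern: user input concatenated into the SQL string. ---
// Input that contains a quote changes the query's meaning instead of being data.
function findByTitleVulnerable(PDO $db, string $title): array
{
    $sql = "SELECT id, title FROM photos WHERE title = '" . $title . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// --- Hardened pattern: prepared statement with a bound parameter. ---
// The value travels separately from the SQL text, so it can only ever be data.
function findByTitle(PDO $db, string $title): array
{
    $stmt = $db->prepare('SELECT id, title FROM photos WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Output escaping: anything echoed into HTML is encoded first. ---
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed hostile input, as it might arrive in $_GET['title'].
$input = "' OR '1'='1";

$rows = findByTitleVulnerable($db, $input);
// Prints 2: the WHERE clause became  title = '' OR '1'='1'  and matched every row.
echo "vulnerable query returned " . count($rows) . " rows\n";

$rows = findByTitle($db, $input);
// Prints 0: no photo has that literal string as its title.
echo "prepared query returned " . count($rows) . " rows\n";

// Rendering: a stored title containing markup would run in the visitor's
// browser if echoed raw; escaped, it displays as plain text.
$stmt = $db->prepare('INSERT INTO photos (title) VALUES (:title)');
$stmt->execute([':title' => '<script>alert(1)</script>']);

foreach ($db->query('SELECT title FROM photos') as $row) {
    echo '<li>' . h($row['title']) . "</li>\n";
}
```

Run it with `php example.php`. The point of the side-by-side is that the same input is harmless in the prepared version because the database driver never parses it as SQL, and the escaping helper does the equivalent job on the way out to the browser; both apply to a "generic" page just as much as to a forum package with mail functions.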
jangmi
Forum Newbie
Posts: 11
Joined: Sat Mar 08, 2014 7:39 am

Re: PHP Vulnerability

Post by jangmi »

You can test security with Acunetix Web Vulnerability Scanner
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: PHP Vulnerability

Post by social_experiment »

Photobrad wrote: but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?
I think it's more a case of code that is widely available, so people can have a look at the source code, making it easier for them to find any vulnerabilities.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering