I'm a VERY beginner PHP programmer. So far I've built an Admin back-end that lets me input data into the server database and I've also built pages that query the database and display info from that database. It's all very top-level generic stuff.
My question is, how vulnerable is generic PHP? If I don't have any fancy admin calls/functions, is it possible for hackers to just utilize any PHP page and execute code or hacks on the server level?
I've belonged to PHP forums before (IPB and PHPBB) and they've all had security failures... but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?
In short... is ANY PHP page vulnerable to attack, or is PHP's vulnerability dependent on what kind of scripts you're implementing?
And if any page is vulnerable, are there basic protections that can/should be put in place to protect a site?
Thanks in advance.
PHP Vulnerability
Re: PHP Vulnerability
This should get you started
http://www.phptherightway.com/#security
Re: PHP Vulnerability
You can test security with Acunetix Web Vulnerability Scanner
- social_experiment
Re: PHP Vulnerability
Photobrad wrote: but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?
I think it's more a case of code that is widely available, where people can have a look at the source code, making it easier for them to find any vulnerabilities.