PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




 Post subject: PHP Vulnerability
Posted: Mon Feb 17, 2014 5:52 pm
Forum Newbie

Joined: Mon Feb 17, 2014 2:55 pm
Posts: 1
I'm a VERY beginner PHP programmer. So far I've built an Admin back-end that lets me input data into the server database and I've also built pages that query the database and display info from that database. It's all very top-level generic stuff.

My question is, how vulnerable is generic PHP? If I don't have any fancy admin calls/function is it possible for hackers to just utilize any PHP page and execute code or hacks on the server level?

I've belonged to PHP forums before (IPB and PHPBB) and they've all had security failures... but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?

In short... is ANY PHP page vulnerable to attack or is the PHP's vulnerability dependent on what kind of scripts you're implementing?

And if any page is vulnerable, are there basic protections that can/should be put in place to protect a site?

Thanks in advance.


 Post subject: Re: PHP Vulnerability
Posted: Mon Feb 17, 2014 6:07 pm
Moderator

Joined: Tue Nov 09, 2010 3:39 pm
Posts: 6424
Location: Montreal, Canada
This should get you started
http://www.phptherightway.com/#security

 Post subject: Re: PHP Vulnerability
Posted: Mon Mar 17, 2014 5:17 am
Forum Newbie

Joined: Sat Mar 08, 2014 8:39 am
Posts: 11
You can test security with Acunetix Web Vulnerability Scanner


 Post subject: Re: PHP Vulnerability
Posted: Mon Mar 17, 2014 12:45 pm
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
Photobrad wrote:
but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?

I think it's more a case of code that is widely available, and people can have a look at the source code, making it easier for them to find any vulnerabilities.
