Page 1 of 1

PHP Vulnerability

Posted: Mon Feb 17, 2014 4:52 pm
by Photobrad
I'm a VERY beginner PHP programmer. So far I've build an Admin back-end that lets me input data into the server database and I've also build pages that query the database and display info from that database. It's all very top-level generic stuff.

My question is, how vulnerable is generic PHP? If I don't have any fancy admin calls/function is it possible for hackers to just utilize any PHP page and execute code or hacks on the server level?

I've belonged to PHP forums before (IPB and PHPBB) and they've all had security failures... but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?

In short... is ANY php page vulnerable to attack or is the PHP's vulnerability dependent on what kind of scripts you're implementing?

And if any page is vulnerable, are there basic protections that can/should be put in place to protect a site?

Thanks in advance.

Re: PHP Vulnerability

Posted: Mon Feb 17, 2014 5:07 pm
by Celauran
This should get you started
http://www.phptherightway.com/#security

Re: PHP Vulnerability

Posted: Mon Mar 17, 2014 5:17 am
by jangmi
You can test security with Acunetix Web Vulnerability Scanner

Re: PHP Vulnerability

Posted: Mon Mar 17, 2014 12:45 pm
by social_experiment
Photobrad wrote: but is that because their code is so complex and extensive (and includes things like email functions) that they're easier to hack and use to execute malicious code?
i think it's more a case of code that are widely available and people can have a look at the source code making it easier for them to find any vulnerabilities.