Security Resources

Buddha443556 · Post by **Buddha443556** » Mon Jan 08, 2007 11:57 pm

Didn't see this posted, this cheat sheet covers more than just PHP:

http://www.secguru.com/files/cheatsheet ... sheet2.pdf

VladSun · Post by **VladSun** » Tue Jul 03, 2007 5:16 am

http://ha.ckers.org/xss.html

VladSun · Post by **VladSun** » Wed Aug 15, 2007 10:35 am

Php Endangers - Remote Code Execution: http://milw0rm.com/papers/176

Mordred · Post by **Mordred** » Mon Sep 17, 2007 2:13 pm

The Unexpected SQL Injection
(When Escaping Is Not Enough)
by yours trully

Abstract: We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used. There are two major steps at writing SQL injection resistant code: correct validation and escaping of input and proper use of the SQL syntax. Failure to comply with any of them may lead to compromise. Many of the specific issues are already known, but no single document mentions them all.
Although the examples are built on PHP/MySQL, the same principles apply to ASP/MSSQL and other combinations of languages and databases.

http://www.webappsec.org/projects/articles/091007.shtml

Post by **RobertGonzalez** » Mon Sep 17, 2007 3:13 pm

For those that are looking for mordred's article... http://www.webappsec.org/projects/articles/091007.shtml

Mordred · Post by **Mordred** » Mon Sep 17, 2007 3:31 pm

Everah wrote:For those that are looking for mordred's article... http://www.webappsec.org/projects/articles/091007.shtml

Oh, drats, I forgot the link?! I should have my forum license revoked

Thanks, Everah!

Post by **RobertGonzalez** » Mon Sep 17, 2007 4:28 pm

You're welcome dude. It didn't take much to find it, but I figured I'd save the members that time...

zareef · Post by **zareef** » Fri Jul 10, 2009 6:09 pm

One of the major source for information about PHP Security is the mailing lists at php.net, people normally face issues and report them and then community members gives their views and it sometime become very interesting ...

cygital · Post by **cygital** » Fri Nov 13, 2009 3:25 am

Thanks

carnavia · Post by **carnavia** » Mon Aug 23, 2010 6:22 am

This is an excellent source for PHP security. I'm impressed.

zoe1adela · Post by **zoe1adela** » Tue Apr 26, 2011 1:16 am

there are so many master here that i can learn more,thank you!

srikanth03565 · Post by **srikanth03565** » Mon Jul 25, 2011 11:59 am

Nice article

meshkin · Post by **meshkin** » Wed Dec 28, 2011 1:05 pm

hi every body
how can i abstract url in php? for example, i want abstarct "www.belabela.com/about.php" to "www.belabela.com/about" or some things like this, it must change some thing in .httpaccess file?? or it is other thing?

the next question is for code source, how can prevent to save or show source code?

thx

Mordred · Post by **Mordred** » Tue Mar 13, 2012 8:06 am

A detailed and humorous account on how to (and how not to) do escaping in PHP, by our own Maugrim (aka Pádraic Brady)

A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping

Post by **Christopher** » Tue Mar 13, 2012 4:31 pm

Hey Mordred, perhaps you could give us a little clearer (and less humorous) tutorial, or point us to one of yours, on how to correctly use htmlspecialchars() for output escaping and what other code is needed to ensure it is done right. For example, do you recommended using mb_convert_encoding() to convert everything to UTF8?

PHP Developers Network

Security Resources

Re: Security Resources

Re: Security Resources

Re: Security Resources

Re: Security Resources

Re: Security Resources

Re: Security Resources

Re: Security Resources

Re: Security Resources