Security Resources

View unanswered posts | View active topics

Board index » Programming » PHP - Security

All times are UTC - 5 hours

Moderator: General Moderators

Page 2 of 3

[ 37 posts ]

Go to page Previous 1, 2, 3 Next

Print view

Previous topic | Next topic

Author

Message

Buddha443556

Post subject:

Posted: Tue Jan 09, 2007 12:57 am

Forum Regular

Joined: Fri Mar 19, 2004 2:51 pm
Posts: 873

Didn't see this posted, this cheat sheet covers more than just PHP:

http://www.secguru.com/files/cheatsheet ... sheet2.pdf

Top

VladSun

Post subject:

Posted: Tue Jul 03, 2007 5:16 am

DevNet Master

Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria

http://ha.ckers.org/xss.html

Top

VladSun

Post subject:

Posted: Wed Aug 15, 2007 10:35 am

DevNet Master

Joined: Wed Jun 27, 2007 9:44 am
Posts: 4313
Location: Sofia, Bulgaria

Php Endangers - Remote Code Execution: http://milw0rm.com/papers/176

_________________
There are 10 types of people in this world, those who understand binary and those who don't

Top

Mordred

Post subject:

Posted: Mon Sep 17, 2007 2:13 pm

DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria

The Unexpected SQL Injection
(When Escaping Is Not Enough)
by yours trully

Quote:

Abstract: We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used. There are two major steps at writing SQL injection resistant code: correct validation and escaping of input and proper use of the SQL syntax. Failure to comply with any of them may lead to compromise. Many of the specific issues are already known, but no single document mentions them all.
Although the examples are built on PHP/MySQL, the same principles apply to ASP/MSSQL and other combinations of languages and databases.

http://www.webappsec.org/projects/articles/091007.shtml

Last edited by Mordred on Mon Sep 17, 2007 3:32 pm, edited 1 time in total.

Top

RobertGonzalez

Post subject:

Posted: Mon Sep 17, 2007 3:13 pm

Site Administrator

Joined: Tue Sep 09, 2003 6:04 pm
Posts: 14293
Location: Fremont, CA, USA

For those that are looking for mordred's article... http://www.webappsec.org/projects/articles/091007.shtml

Top

Mordred

Post subject:

Posted: Mon Sep 17, 2007 3:31 pm

DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria

Everah wrote:

For those that are looking for mordred's article... http://www.webappsec.org/projects/articles/091007.shtml

Oh, drats, I forgot the link?! I should have my forum license revoked

Thanks, Everah!

Top

RobertGonzalez

Post subject:

Posted: Mon Sep 17, 2007 4:28 pm

Site Administrator

Joined: Tue Sep 09, 2003 6:04 pm
Posts: 14293
Location: Fremont, CA, USA

You're welcome dude. It didn't take much to find it, but I figured I'd save the members that time...

Top

zareef

Post subject: Re: Security Resources

Posted: Fri Jul 10, 2009 6:09 pm

Forum Newbie

Joined: Wed Aug 03, 2005 3:21 am
Posts: 3
Location: India

One of the major source for information about PHP Security is the mailing lists at php.net, people normally face issues and report them and then community members gives their views and it sometime become very interesting ...

Top

cygital

Post subject: Re: Security Resources

Posted: Fri Nov 13, 2009 4:25 am

Forum Newbie

Joined: Mon Nov 03, 2008 5:11 am
Posts: 4
Location: Abuja, Nigeria

Thanks

Top

carnavia

Post subject: Re: Security Resources

Posted: Mon Aug 23, 2010 6:22 am

Forum Newbie

Joined: Sun Jul 18, 2010 11:27 pm
Posts: 18

This is an excellent source for PHP security. I'm impressed.

Top

zoe1adela

Post subject: Re: Security Resources

Posted: Tue Apr 26, 2011 1:16 am

Forum Newbie

Joined: Sun Mar 20, 2011 9:55 pm
Posts: 3

there are so many master here that i can learn more,thank you!

Top

srikanth03565

Post subject: Re: Security Resources

Posted: Mon Jul 25, 2011 11:59 am

Forum Newbie

Joined: Sat Jul 16, 2011 12:13 am
Posts: 10

Nice article

Top

meshkin

Post subject: Re: Security Resources

Posted: Wed Dec 28, 2011 2:05 pm

Forum Newbie

Joined: Wed Dec 28, 2011 1:29 pm
Posts: 1

hi every body
how can i abstract url in php? for example, i want abstarct "www.belabela.com/about.php" to "www.belabela.com/about" or some things like this, it must change some thing in .httpaccess file?? or it is other thing?

the next question is for code source, how can prevent to save or show source code?

thx

Top

Mordred

Post subject: Re: Security Resources

Posted: Tue Mar 13, 2012 8:06 am

DevNet Resident

Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria

A detailed and humorous account on how to (and how not to) do escaping in PHP, by our own Maugrim (aka Pádraic Brady)

A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping

Top

Christopher

Post subject: Re: Security Resources

Posted: Tue Mar 13, 2012 4:31 pm

Site Administrator

Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13587
Location: New York, NY, US

Hey Mordred, perhaps you could give us a little clearer (and less humorous) tutorial, or point us to one of yours, on how to correctly use htmlspecialchars() for output escaping and what other code is needed to ensure it is done right. For example, do you recommended using mb_convert_encoding() to convert everything to UTF8?

_________________
(#10850)

Top

Page 2 of 3

[ 37 posts ]

Go to page Previous 1, 2, 3 Next

Board index » Programming » PHP - Security

All times are UTC - 5 hours

Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to: