PHP Developers Network
http://forums.devnetwork.net/

Security Resources
http://forums.devnetwork.net/viewtopic.php?f=34&t=29269
Page 2 of 3

Author:  Buddha443556 [ Tue Jan 09, 2007 12:57 am ]
Post subject: 

Didn't see this posted, this cheat sheet covers more than just PHP:

http://www.secguru.com/files/cheatsheet ... sheet2.pdf

Author:  VladSun [ Tue Jul 03, 2007 5:16 am ]
Post subject: 

http://ha.ckers.org/xss.html

Author:  VladSun [ Wed Aug 15, 2007 10:35 am ]
Post subject: 

Php Endangers - Remote Code Execution: http://milw0rm.com/papers/176

Author:  Mordred [ Mon Sep 17, 2007 2:13 pm ]
Post subject: 

The Unexpected SQL Injection
(When Escaping Is Not Enough)
by yours truly

Quote:
Abstract: We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used. There are two major steps at writing SQL injection resistant code: correct validation and escaping of input and proper use of the SQL syntax. Failure to comply with any of them may lead to compromise. Many of the specific issues are already known, but no single document mentions them all.
Although the examples are built on PHP/MySQL, the same principles apply to ASP/MSSQL and other combinations of languages and databases.


http://www.webappsec.org/projects/articles/091007.shtml

Author:  RobertGonzalez [ Mon Sep 17, 2007 3:13 pm ]
Post subject: 

For those that are looking for Mordred's article... http://www.webappsec.org/projects/articles/091007.shtml

Author:  Mordred [ Mon Sep 17, 2007 3:31 pm ]
Post subject: 

Everah wrote:
For those that are looking for Mordred's article... http://www.webappsec.org/projects/articles/091007.shtml


Oh, drats, I forgot the link?! I should have my forum license revoked ;) Thanks, Everah!

Author:  RobertGonzalez [ Mon Sep 17, 2007 4:28 pm ]
Post subject: 

You're welcome dude. It didn't take much to find it, but I figured I'd save the members that time...

Author:  zareef [ Fri Jul 10, 2009 6:09 pm ]
Post subject:  Re: Security Resources

One of the major sources of information about PHP security is the mailing lists at php.net; people normally face issues and report them, then community members give their views, and it sometimes becomes very interesting ... :)

Author:  cygital [ Fri Nov 13, 2009 4:25 am ]
Post subject:  Re: Security Resources

Thanks :D

Author:  carnavia [ Mon Aug 23, 2010 6:22 am ]
Post subject:  Re: Security Resources

This is an excellent source for PHP security. I'm impressed.

Author:  zoe1adela [ Tue Apr 26, 2011 1:16 am ]
Post subject:  Re: Security Resources

There are so many masters here that I can learn more, thank you!

Author:  srikanth03565 [ Mon Jul 25, 2011 11:59 am ]
Post subject:  Re: Security Resources

Nice article

Author:  meshkin [ Wed Dec 28, 2011 2:05 pm ]
Post subject:  Re: Security Resources

Hi everybody,
how can I abstract a URL in PHP? For example, I want to abstract "www.belabela.com/about.php" to "www.belabela.com/about" or something like this. Must it change something in the .httpaccess file?? Or is it some other thing?

The next question is about source code: how can I prevent the source code from being saved or shown?

thx

Author:  Mordred [ Tue Mar 13, 2012 8:06 am ]
Post subject:  Re: Security Resources

A detailed and humorous account on how to (and how not to) do escaping in PHP, by our own Maugrim (aka Pádraic Brady)

A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping

Author:  Christopher [ Tue Mar 13, 2012 4:31 pm ]
Post subject:  Re: Security Resources

Hey Mordred, perhaps you could give us a little clearer (and less humorous) tutorial, or point us to one of yours, on how to correctly use htmlspecialchars() for output escaping and what other code is needed to ensure it is done right. For example, do you recommend using mb_convert_encoding() to convert everything to UTF8?

All times are UTC - 5 hours