
Posted: Mon Jan 08, 2007 11:57 pm
by Buddha443556
Didn't see this posted; this cheat sheet covers more than just PHP:

http://www.secguru.com/files/cheatsheet ... sheet2.pdf

Posted: Tue Jul 03, 2007 5:16 am
by VladSun

Posted: Wed Aug 15, 2007 10:35 am
by VladSun
Php Endangers - Remote Code Execution: http://milw0rm.com/papers/176

Posted: Mon Sep 17, 2007 2:13 pm
by Mordred
The Unexpected SQL Injection
(When Escaping Is Not Enough)
by yours truly
Abstract: We will look at several scenarios under which SQL injection may occur, even though mysql_real_escape_string() has been used. There are two major steps in writing SQL injection resistant code: correct validation and escaping of input, and proper use of the SQL syntax. Failure to comply with either of them may lead to compromise. Many of the specific issues are already known, but no single document mentions them all.
Although the examples are built on PHP/MySQL, the same principles apply to ASP/MSSQL and other combinations of languages and databases.
http://www.webappsec.org/projects/articles/091007.shtml
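An added example (my own, not code from the article above) of the "proper use of the SQL syntax" step: the escaped value is dropped into an unquoted numeric context, so escaping never fires and the injection survives. It runs against an in-memory SQLite database through PDO so no MySQL server is needed; the escape() helper is a stand-in for mysql_real_escape_string() and the table and inputs are constructed for the demo.

```php
<?php
// Added example, not from Mordred's article: an escaped value in an UNQUOTED
// numeric context is still an injection. Runs against in-memory SQLite via PDO
// (no MySQL needed); escape() stands in for mysql_real_escape_string().

function escape(string $s): string {
    // Characters mysql_real_escape_string() rewrites; digits, spaces, '='
    // and keywords are not among them, so "1 OR 1=1" passes through untouched.
    return strtr($s, ["\\" => "\\\\", "'" => "\\'", '"' => '\\"',
                      "\0" => "\\0", "\n" => "\\n", "\r" => "\\r"]);
}

function setupDb(): PDO {
    // Constructed sample table for the demonstration.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
    foreach (['alice', 'bob', 'carol'] as $i => $n) {
        $db->exec(sprintf("INSERT INTO users VALUES (%d, '%s')", $i + 1, $n));
    }
    return $db;
}

// Vulnerable: escaping is applied, but the value is interpolated without quotes.
function findUserEscapedOnly(PDO $db, string $id): array {
    $sql = "SELECT name FROM users WHERE id = " . escape($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: validate the type first, then let the driver bind the value.
function findUserPrepared(PDO $db, string $id): array {
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException("id must be an integer");
    }
    $stmt = $db->prepare("SELECT name FROM users WHERE id = :id");
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = setupDb();
$malicious = "1 OR 1=1";                        // constructed hostile input
print_r(findUserEscapedOnly($db, $malicious));  // all three names come back
print_r(findUserPrepared($db, "2"));            // only 'bob'
try {
    findUserPrepared($db, $malicious);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";       // validation stops it first
}
```

The same outcome applies with a real MySQL connection and mysql_real_escape_string(): the fix is the integer validation plus binding, not a better escaper.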

Posted: Mon Sep 17, 2007 3:13 pm
by RobertGonzalez
For those that are looking for mordred's article... http://www.webappsec.org/projects/articles/091007.shtml

Posted: Mon Sep 17, 2007 3:31 pm
by Mordred
Everah wrote: For those that are looking for mordred's article... http://www.webappsec.org/projects/articles/091007.shtml
Oh, drats, I forgot the link?! I should have my forum license revoked ;) Thanks, Everah!

Posted: Mon Sep 17, 2007 4:28 pm
by RobertGonzalez
You're welcome dude. It didn't take much to find it, but I figured I'd save the members that time...

Re: Security Resources

Posted: Fri Jul 10, 2009 6:09 pm
by zareef
One of the major sources of information about PHP security is the mailing lists at php.net: people normally face issues and report them, and then community members give their views, and it sometimes becomes very interesting ... :)

Re: Security Resources

Posted: Fri Nov 13, 2009 3:25 am
by cygital
Thanks :D

Re: Security Resources

Posted: Mon Aug 23, 2010 6:22 am
by carnavia
This is an excellent source for PHP security. I'm impressed.

Re: Security Resources

Posted: Tue Apr 26, 2011 1:16 am
by zoe1adela
There are so many masters here that I can learn more from; thank you!

Re: Security Resources

Posted: Mon Jul 25, 2011 11:59 am
by srikanth03565
Nice article

Re: Security Resources

Posted: Wed Dec 28, 2011 1:05 pm
by meshkin
Hi everybody,
how can I abstract a URL in PHP? For example, I want to abstract "www.belabela.com/about.php" to "www.belabela.com/about" or something like this. Must it change something in the .htaccess file?? Or is it something else?

The next question is about source code: how can I prevent the source code from being saved or shown?

thx

Re: Security Resources

Posted: Tue Mar 13, 2012 8:06 am
by Mordred
A detailed and humorous account of how to (and how not to) do escaping in PHP, by our own Maugrim (aka Pádraic Brady):

A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping

Re: Security Resources

Posted: Tue Mar 13, 2012 4:31 pm
by Christopher
Hey Mordred, perhaps you could give us a little clearer (and less humorous) tutorial, or point us to one of yours, on how to correctly use htmlspecialchars() for output escaping and what other code is needed to ensure it is done right. For example, do you recommend using mb_convert_encoding() to convert everything to UTF8?