Apparently there has been a recent report which I thought some people may be interested to view. A summary (yahoo news) is here... Websites wide open to attack.
Not sure how long the link will last though.
Websites wide open to attack ?
Moderator: General Moderators
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Sounds about right - I know of lots of applications that are completely unprotected. Unfortunately they were all written by people who shouldn't ever call themselves "developers" and most of them haven't a rudimentary knowledge of PHP Security. Even the ones that do view the security issues as minor since they tend not to be big enough to attract attention. I'm sure rival scriptkiddies have bigger fish to fry like the large PHPNuke install base...
.
These sort of statistics do offer further ammunition to those who view PHP as being a security addled language. When 99% statistics are thrown around I'm sure it makes most folk deep down consider if the PHP devs would be better off figuring out ways of offering fewer methods for developers to shoot their own feet rather than continuing to blame those using the language who barely know how to type an opening tag let alone escape sql variables...
These sort of statistics do offer further ammunition to those who view PHP as being a security addled language. When 99% statistics are thrown around I'm sure it makes most folk deep down consider if the PHP devs would be better off figuring out ways of offering fewer methods for developers to shoot their own feet rather than continuing to blame those using the language who barely know how to type an opening tag let alone escape sql variables...