
PHP Security reading materials

Hello

I'm looking for reading materials to educate myself on the security
measures that should be taken to build a secure web site.

What I'm referring to is web sites like the following:
1. http://www.securiteam.com/securityre...DP0N1P76E.html
2. http://www.unixwiz.net/techtips/sql-injection.html
3. http://www.cgisecurity.com/articles/xss-faq.shtml

That would demonstrate to me real "bad" code and the way it can be
exploited on my site.

References to bugzilla / mailing lists of open source projects to
learn from them how to apply security would also be great IMHO.

The main security concerns I seem to be unable to find good
documentation on are:

1. SQL injection in the Unicode character maps; possibly a table that
would summarize all the characters to avoid / filter out from web
forms.
2. (in)Correct usage of php functions.

I know my question is general and yet I would very much appreciate
references / recommendation on reading material, as learning by trial &
error in the security field is not an option.
Thank you very much.

Cheers,
Maxim Vexler.
--

Do u GNU ?

Feb 11 '06 #1
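As an added illustration that is not part of the thread or any of the linked material, the following shows the point behind item 1 of the question: the defence against SQL injection is not a table of characters to strip from form input, but keeping the input out of the SQL text altogether. It assumes PHP with the pdo_sqlite extension; the table, names and inputs are constructed for the example.

```php
<?php
// Added example (not from the thread): a "filter these characters" table
// versus correct use of PHP's database functions. Runs offline against an
// in-memory SQLite database:  php example.php

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// "Bad" code in the sense of the question: the form value is spliced into
// the SQL text. No character table can make this safe, because the query
// structure is rebuilt from data on every request, and the data may contain
// characters (or multibyte sequences) the table never anticipated.
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Correct usage: a prepared statement sends the SQL text and the value
// separately, so nothing in $name can change what the statement does.
function find_user_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain name, a legitimate name containing a quote,
// and a non-ASCII name. A filter table would have to reject the second two.
$inputs = ['alice', "O'Brien", 'Zoë'];

foreach ($inputs as $input) {
    try {
        $unsafe = (string) count(find_user_unsafe($db, $input));
    } catch (PDOException $e) {
        // The apostrophe in O'Brien has altered the query text itself; the
        // prepared statement below handles the same value without incident.
        $unsafe = 'query broken';
    }
    $safe = count(find_user_safe($db, $input));
    printf("%-8s unsafe=%-12s safe=%d\n", $input, $unsafe, $safe);
}
```

The same principle covers the "Unicode character map" worry: with parameters bound separately, the character set of the input is the database's concern, not the query builder's.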
This book has some nice examples:
http://innocentcode.thathost.com/

Best regards


Feb 12 '06 #2
Maxim Vexler wrote:

I'm looking for reading materials to educate myself on the security
measures that should be taken to build a secure web site.

http://phpsec.org - PHP Security Consortium
http://phpsecurity.org - Essential PHP Security ISBN 059600656X

There are also quite a few on amazon, but be sure to look through the
user ratings and such as well, sometimes there are other suggestions in
there as well.
Feb 12 '06 #3
Gary L. Burnore wrote:
On Sun, 12 Feb 2006 01:56:19 +0100, Dikkie Dik <no****@nospam.org>
wrote:

This book has some nice examples:
http://innocentcode.thathost.com/

What's with the rash of top posters?

You can thank google groups for it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 12 '06 #4
