
PHP Security reading materials

Hello

I'm looking for reading materials to educate myself on the security
measures that should be taken to build a secure web site.

What I'm referring to is web sites like the following:
1. http://www.securiteam.com/securityre...DP0N1P76E.html
2. http://www.unixwiz.net/techtips/sql-injection.html
3. http://www.cgisecurity.com/articles/xss-faq.shtml

That would demonstrate to me real "bad" code and the way it can be
exploited on my site.

References to bugzilla / mailing lists of open source projects to
learn from them how to apply security would also be great IMHO.

The main security concerns I seem to be unable to find good
documentation on are:

1. SQL injection in the Unicode character maps; possibly a table that
would summarize all the characters to avoid / filter out from web
forms.
2. (in)Correct usage of PHP functions.

I know my question is general and yet I would very much appreciate
references / recommendation on reading material, as learning by trial &
error in the security field is not an option.
Thank you very much.

Cheers,
Maxim Vexler.
--

Do u GNU ?

Feb 11 '06 #1
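Added example (not posted by anyone in this thread) illustrating the second concern in the question: why a "table of characters to filter" cannot be the defence against SQL injection, and what the correct PHP functions look like instead. It assumes PHP with the PDO SQLite driver and the mbstring extension; the database, table and names are constructed for the demonstration.

```php
<?php
// Added example, not from the thread: compares three ways of putting user input
// into a query. Uses an in-memory SQLite database via PDO so it runs stand-alone;
// the table and its rows are constructed test data.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien'), ('Zoë')");

// 1. Unsafe: interpolating input into the SQL text. Any apostrophe in the data,
//    even a legitimate one, changes the structure of the statement.
function findUserUnsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Blacklist "fix": stripping characters that look dangerous. It silently
//    corrupts valid data and must anticipate every charset and encoding trick,
//    which is why no finite table of characters to filter will ever be complete.
function findUserBlacklist(PDO $db, string $name): array
{
    $cleaned = str_replace(["'", '"', ';', '--'], '', $name);
    return findUserUnsafe($db, $cleaned);
}

// 3. Correct: a prepared statement. The data travels separately from the SQL
//    text, so no character in $name can alter the query. Unicode input needs no
//    special handling beyond checking it is valid UTF-8, which is a data
//    validation concern rather than an injection one.
function findUserSafe(PDO $db, string $name): array
{
    if (!mb_check_encoding($name, 'UTF-8')) {
        throw new InvalidArgumentException('name is not valid UTF-8');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output escaping is the XSS counterpart: the same name rendered into HTML.
function renderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach (['alice', "O'Brien", 'Zoë'] as $input) {
    try {
        $unsafe = count(findUserUnsafe($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The apostrophe in O'Brien broke the statement: this is the same
        // mechanism an injection relies on, triggered by ordinary data.
        $unsafe = 'SQL error (statement structure changed)';
    }
    $black = count(findUserBlacklist($db, $input)) . ' row(s)';
    $safe  = count(findUserSafe($db, $input)) . ' row(s)';
    printf("%-8s unsafe: %-38s blacklist: %-8s safe: %s  html: %s\n",
        $input, $unsafe, $black, $safe, renderName($input));
}
```

Running it shows the pattern the thread's links describe: `alice` and `Zoë` work everywhere, but `O'Brien` makes the interpolated query fail with a syntax error, the blacklist version returns no rows because it has mangled the name to `OBrien`, and only the prepared statement returns the right row for all three inputs. The Unicode question in the post dissolves once queries are parameterised: the driver never lets the data be parsed as SQL, so there is no character set to enumerate.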
This book has some nice examples:
http://innocentcode.thathost.com/

Best regards

Maxim Vexler wrote:
> Hello
>
> I'm looking for reading materials to educate myself on the security
> measures that should be taken to build a secure web site.
> [...]

Feb 12 '06 #2
Maxim Vexler wrote:
> I'm looking for reading materials to educate myself on the security
> measures that should be taken to build a secure web site.

http://phpsec.org - PHP Security Consortium
http://phpsecurity.org - Essential PHP Security ISBN 059600656X

There are also quite a few on Amazon, but be sure to look through the
user ratings and such as well; sometimes there are other suggestions in
there as well.
Feb 12 '06 #3
Gary L. Burnore wrote:
> On Sun, 12 Feb 2006 01:56:19 +0100, Dikkie Dik <no****@nospam.org>
> wrote:
>
>> This book has some nice examples:
>> http://innocentcode.thathost.com/
>
> What's with the rash of top posters?
>
>> Best regards
>>
>> Maxim Vexler wrote:
>>> Hello
>>>
>>> I'm looking for reading materials to educate myself on the security
>>> measures that should be taken to build a secure web site.
>>> [...]

You can thank Google Groups for it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 12 '06 #4
