Thursday, June 14, 2012

Create a secure web application

As you know, everyone touches web pages these days, and web applications are hard to secure. When it comes to security, remember that in addition to the actual platform and operating system security issues, you need to ensure that you write your application itself to be secure.


This post covers common PHP programming mistakes that can result in security holes. By showing you what not to do, and how each particular flaw can be exploited, I hope that you'll understand not just how to avoid these particular mistakes, but also why they result in security vulnerabilities. Understanding each possible flaw will help you avoid making the same mistakes in your PHP applications.

  1. Validate Input
    We cannot trust user input, so we need to validate input data (client side as well as server side) before saving it to the database.
  2. Register Globals
    register_globals should be off in the php.ini configuration file.
  3. Minimize Hidden Input Fields
    Hidden fields in forms should be used as little as possible.
  4. Database
    Your database queries should be protected against MySQL injection. User passwords should be stored in MD5 hash format.
  5. Session Management
    After login, the user's session should be regenerated to ensure the user is valid.
  6. XSS Vulnerabilities
    To protect data against XSS attacks, filter your input through the htmlentities() function whenever the value of a variable is printed to the output.
  7. Valid Post
    To halt invalid posts by an attacker, use a one-time form token. The form must carry a token ID that is valid for posting data to the server only once.
