PHP Security Cheat Sheet OWASPDRAFT CHEATSHEET THIS IS STILL A WORK IN PROGRESS OR OUT OF DATEIntroduction. This page intends to provide basic PHP security tips for developers and administrators. Keep in mind that tips mentioned in this page may not be sufficient for securing your web application. PHP overview. PHP is the most commonly used server side programming language, with 8. W3 Techs. An open source technology, PHP is unusual in that it is both a language and a web framework, with typical web framework features built in to the language. Like all web languages, there is also a large community of libraries etc. PHP. All three aspects language, framework, and libraries need to be taken into consideration when trying to secure a PHP site. PHP is a grown language rather than deliberately engineered, making writing insecure PHP applications far too easy and common. If you want to use PHP securely, then you should be aware of all its pitfalls. Language issues. Weak typing. PHP is weakly typed, which means that it will automatically convert data of an incorrect type into the expected type. This feature very often masks errors by the developer or injections of unexpected data, leading to vulnerabilities see Input handling below for an example. Try to use functions and operators that do not do implicit type conversions e. Not all operators have strict versions for example greater than and less than, and many built in functions like inarray use weakly typed comparison functions by default, making it difficult to write correct code.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
September 2018
Categories |