PHP Security Tip #12
Cal Evans (editor) |
1 comment |
Friday, March 16, 2007
We’ve talked about filtering, we’ve talked about validating, we’ve talked about filtering again. Filtering inputs into your application is an important concept and the precursor to many good security practices. However, once you have the input filtered and validated, you can’t simply sit back and relax. You have to stay vigilant when programming to ensure security throughout your application.
[…]
PHP Security Tip #11
Cal Evans (editor) |
0 comments |
Thursday, March 15, 2007
I think we can all agree that users are at once the boon and the bane of our applications. On the one hand, if it weren’t for users, we wouldn’t have security problems. On the other hand, if we didn’t have users, we wouldn’t need the application to begin with. So we can all agree with the fact that in most cases, users aren’t going away.
[…]
PHP Security Tip #10
Cal Evans (editor) |
1 comment |
Wednesday, March 14, 2007
Even when doing everything correctly, it’s still possible to build PHP applications that are insecure. Security requires constant vigilance. One thing you always have to keep your eye on is any script or form that sends an email based on user input.
[…]
PHP Security Tip #9
Cal Evans (editor) |
4 comments |
Tuesday, March 13, 2007
Sometimes it’s the simplest ideas that are the most powerful. This one sounds simple but I’m always surprised at how few people understand and actually implement this idea.
[…]
PHP Security Tip #8
Cal Evans (editor) |
6 comments |
Monday, March 12, 2007
Within PHP security topics, there is always more than one way to accomplish a task. Many times it’s by combining tactics that we achieve the best security.
[…]
PHP Security Tip #7
Cal Evans (editor) |
0 comments |
Friday, March 9, 2007
When using session_regenerate_id() to protect against session fixation, it’s usually a good idea to remove the old session ID.
[…]
PHP Security Tip #6
Cal Evans (editor) |
5 comments |
Thursday, March 8, 2007
The topic of writing secure applications in PHP covers more than just writing good PHP code. Most applications make use of a database of some kind. Many times, vulnerabilities that affect the entire application are introduced when building the SQL code.
[…]
PHP Security Tip #5
Cal Evans (editor) |
1 comment |
Wednesday, March 7, 2007
PHP security is an ongoing mission requiring the programmer to think outside of the parameters of the application. It’s not enough these days to say in your mind “Does this do what I want it to do?”; you also have to take into consideration “What else can people use it for and do I want to allow that?”
[…]
PHP Security Tip #4
Cal Evans (editor) |
7 comments |
Tuesday, March 6, 2007
“Security through obscurity is no security at all,” so the adage goes. However, the flip side of that coin is that obscurity, when used as part of an overall strategy, is a good thing.
[…]
PHP Security Tip #3
Cal Evans (editor) |
1 comment |
Monday, March 5, 2007
Being security-conscious is a good thing, but that alone won’t solve the problem. Developers have to be vigilant when it comes to security. Even then, you can’t do it alone. Today’s security tip reminds you of this.
[…]

