s1yman Posted April 12, 2009

Hi all, hope you are well. I've heard a lot about PHP script in web pages being "vulnerable" and since I haven't learnt anything about PHP security I was wondering if anyone knows any free software or websites where I can scan my pages for potential holes and/or vulnerabilities?

Thanks in advance,
-Simon

jackpf Posted April 12, 2009

Firefox addons! XSS me, SQL inject me. Stuff like that.

s1yman Posted April 12, 2009

I'll give it a try, thanks for the quick reply!

ToonMariner Posted April 12, 2009

Every language used can be insecure - it's not inherent to that language - it's the quality of the code written that is invariably insecure.

jackpf Posted April 12, 2009

Basically, as a rule of thumb -

- Escape everything used in a query with mysql_real_escape_string()
- Escape all user input for HTML characters
- Turn off remote file inclusion in php.ini
- Do not rely on magic quotes
- Turn off register globals in php.ini

I think that's pretty much it, combined with a teaspoon of common sense.

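The first two rules in the list above, as an added example that is not part of the thread. It assumes PDO with an in-memory SQLite database so that it runs without a server; `PDO::quote()` stands in for `mysql_real_escape_string()`, which needs a live MySQL connection and was removed in PHP 7, and all input values are constructed.

```php
<?php
// Added example, not code from the thread. All input values are constructed.

// Stand-in for form fields ($_POST values in a real script).
$input = [
    'name'    => "O'Brien",
    'comment' => '<b onmouseover="x()">hi</b>',
];

// Assumption: PDO with in-memory SQLite, so no database server is needed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, comment TEXT)');

// Weak form: input pasted straight into the SQL text. The apostrophe in the
// name closes the string literal early, so the rest is parsed as SQL.
$weak = "INSERT INTO comments (name, comment)
         VALUES ('{$input['name']}', '{$input['comment']}')";
try {
    $db->exec($weak);
    echo "weak query ran\n";
} catch (PDOException $e) {
    echo "weak query rejected by the parser: {$e->getMessage()}\n";
}

// Rule 1, escaping: PDO::quote() escapes the value and wraps it in quotes.
$escaped = 'INSERT INTO comments (name, comment) VALUES ('
    . $db->quote($input['name']) . ', ' . $db->quote($input['comment']) . ')';
$db->exec($escaped);

// Rule 1, alternative: a prepared statement keeps data out of the SQL text.
$stmt = $db->prepare('INSERT INTO comments (name, comment) VALUES (?, ?)');
$stmt->execute([$input['name'], $input['comment']]);

// Rule 2: escape for HTML at the point the value is written into the page.
foreach ($db->query('SELECT name, comment FROM comments') as $row) {
    printf(
        "<p>%s wrote: %s</p>\n",
        htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8')
    );
}
```
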
s1yman Posted April 12, 2009

> Firefox addons! XSS me, SQL inject me. Stuff like that.

These are looking for forms. Is it only scripts that process forms I need to worry about, or is it all my scripts?

> Every language used can be insecure - it's not inherent to that language - it's the quality of the code written that is invariably insecure.

Yeah, I know someone didn't just turn around one day and go "let's pick on PHP!!!" As I said, I don't know much about PHP security, so don't understand what would make a script secure or insecure?

jackpf Posted April 12, 2009

Generally, it's only user input you have to worry about, so yeah, mainly forms.

s1yman Posted April 12, 2009

kool - thanks for your help mate!

jackpf Posted April 12, 2009

No problem.

Archived
This topic is now archived and is closed to further replies.