s1yman, posted April 12, 2009:

Hi all, hope you are well. I've heard a lot about php script in web pages being "vulnerable" and since I haven't learnt anything about php security I was wondering if anyone knows any free software or websites where I can scan my pages for potential holes and/or vulnerabilities?

Thanks in advance,
-Simon

jackpf, posted April 12, 2009:

Firefox addons! XSS me, SQL inject me. Stuff like that.

s1yman (Author), posted April 12, 2009:

I'll give it a try, thanks for the quick reply!

ToonMariner, posted April 12, 2009:

Every language used can be insecure - it's not inherent to that language - it's the quality of the code written that is invariably insecure.

jackpf, posted April 12, 2009:

Basically, as a rule of thumb -

- Escape everything used in a query with mysql_real_escape_string()
- Escape all user input for html characters
- Turn off remote file inclusion in php.ini
- Do not rely on magic quotes
- Turn off register globals in php.ini

I think that's pretty much it, combined with a teaspoon of common sense.

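The checklist in jackpf's post above, as an added PHP example that is not part of the original thread. It swaps mysql_real_escape_string() for PDO bound parameters, because the mysql_* extension was removed in PHP 7.0; the in-memory SQLite database, the users table, the helper names and the sample inputs are all constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table, helpers and inputs are constructed.
declare(strict_types=1);

// php.ini items from the checklist. ini_get() returns false when the running
// PHP version no longer has the directive (register_globals and
// magic_quotes_gpc were removed in PHP 5.4).
function risky_ini_settings(): array
{
    $risky = [];
    foreach (['allow_url_include', 'register_globals', 'magic_quotes_gpc'] as $name) {
        $value = ini_get($name);
        if ($value !== false && in_array(strtolower((string)$value), ['1', 'on', 'yes', 'true'], true)) {
            $risky[] = $name;
        }
    }
    return $risky;
}

// User input reaches the query only as a bound parameter, never as SQL text.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Escape at output time for the HTML context the value is printed into.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('simon'), ('<b>jack</b>')");

// Constructed inputs standing in for $_GET['name'].
foreach (['simon', '<b>jack</b>', "x' OR '1'='1"] as $input) {
    $rows = find_user($db, $input);
    printf("input %s -> %d row(s)\n", h($input), count($rows));
    foreach ($rows as $row) {
        echo '<li>', h($row['name']), "</li>\n";
    }
}
echo 'risky ini settings: ', implode(', ', risky_ini_settings()) ?: 'none', "\n";
```

The third input matches no rows because the quote characters are treated as data, and the stored `<b>jack</b>` value is printed as text rather than markup.
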
s1yman (Author), posted April 12, 2009:

> Firefox addons! XSS me, SQL inject me. Stuff like that.

These are looking for forms, is it only scripts that process forms I need to worry about? Or is it all my scripts?

> Every language used can be insecure - it's not inherent to that language - it's the quality of the code written that is invariably insecure.

Yeah, I know someone didn't just turn around one day and go "let's pick on PHP!!!" As I said, I don't know much about PHP Security, so don't understand what would make a script secure or insecure?

jackpf, posted April 12, 2009:

Generally, it's only user input you have to worry about, so yeah, mainly forms.

s1yman (Author), posted April 12, 2009:

kool - thanks for your help mate!

jackpf, posted April 12, 2009:

No problem.