Solved

phpids integration and usage

Posted on 2013-07-01
7
253 Views
Last Modified: 2013-08-04
Hi EE,

Please do let me know steps to integrate phpids and how to verify if its working and monitor the attacks.
0
Comment
Question by:Insoftservice
  • 4
  • 2
7 Comments
 
LVL 54

Assisted Solution

by:Julian Hansen
Julian Hansen earned 300 total points
ID: 39289526
I would start with reading the FAQ
https://phpids.org/faq/
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39289637
@julianH i tried with but was not completely successful.
Please do let me know whether we have some API which would not only detect attacks but also avoid it.PHPIDS detects all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks. But it does not prevent it.

Is there some api which does both specially sql injection.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 200 total points
ID: 39289748
I would probably approach this from a different perspective, especially since it's at level 0.7 and since I got the "Untrusted Connection" warning when I tried to visit the phpids link.

Instead of trying to enumerate the threats and attacks, just switch your thinking to the security mantra: Accept Only Known Good Values.  To be sure, there are still attacks that can be mounted against thoughtfully secured web sites, but they are far less likely to succeed if your script tests every external input for "reasonable" values and simply ignores the ones that fail the reasonability tests.

This link (and the whole organization) may be useful.  If you're not a member, join!
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 15

Author Comment

by:Insoftservice
ID: 39292202
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39369133
c
0
 
LVL 54

Accepted Solution

by:
Julian Hansen earned 300 total points
ID: 39369276
Is there some api which does both specially sql injection.
Don't look for an API to do this for you - to prevent SQL injection code your page and queries correctly.

Use either mysqli or PDO

A) Put all data to go to database through mysqli_real_escape_string (in the case of mysqli
B) Use prepared statements
0
 
LVL 15

Author Closing Comment

by:Insoftservice
ID: 39380283
Issue had got already resolved, but the suggestion was also up-to the mark to resolve and tackle my questions more easily thx to all
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now